Bowls Wales Case Study
Case Study: Bowls Wales’ Journey to GDPR Compliance
Organisation: Bowls Wales
Role: Sporting Governing Body
General Manager: Sophie Brisland-Hancocks
Overview: Bowls Wales serves as a coordinating body for various bowling codes across Wales. Unlike other sporting bodies with club memberships, Bowls Wales supports and governs six separate volunteer-run organisations, each responsible for different forms of the sport. The organisation’s responsibilities include club development, governance, and ensuring compliance with regulatory standards such as GDPR (General Data Protection Regulation) for privacy and data protection.
Challenge:
The member organisations of Bowls Wales are predominantly volunteer-run, with limited IT and technical knowledge. As GDPR compliance became a minimum standard for these organisations, it was clear they lacked understanding of data protection risks and responsibilities. This gap in knowledge posed a significant challenge to achieving compliance and safeguarding member data.
Need:
- Educate volunteer-run organisations on GDPR and data protection.
- Develop compliance with GDPR to mitigate liability for Bowls Wales.
- Provide a practical approach for these organisations to manage data responsibly.
Goal:
- Train staff and volunteers to understand and implement GDPR standards.
- Create a culture of data protection awareness and responsibility.
Solution
To address the identified needs, Bowls Wales partnered with Cybata to design and deliver tailored workshops focusing on data protection/GDPR and related cyber-security measures.
- Initial Planning:
– Sophie met with Chris from Cybata to outline the specific needs and desired outcomes of the workshops.
– Emphasis was placed on creating informative yet engaging sessions to avoid overwhelming participants with information. - Workshops Design and Execution:
– Two bespoke workshops were created, each lasting two hours and held two weeks apart.
– Workshop 1: Focused on theory and basics of GDPR/ data protection and cyber-security, incorporating interactive elements to facilitate understanding.
– Workshop 2: Built on the first session, using real-life examples to demonstrate practical application of the concepts learned.
Implementation:
Each of the six member organisations sent two representatives to participate in the workshops. Chris delivered the workshops encouraging participation and making the complex subject matter accessible and relevant through engaging activities such as Cybata’s GDPR Cyber Card Game.
Outcome
- Consistent understanding of GDPR standards required across all member organisations.
- Now fully aware of the documentation required to support GDPR compliance
- Each organisation now has, or is developing, a privacy and data protection policy.
- All participants now understand the importance of managing their digital security
- Significant increase in awareness and understanding of data protection among volunteers.
- Greater openness and willingness to address data collection and storage practices.
- Fostered relationships between the organisations by recognising their collective duties.
Feedback
Participants found the workshops extremely useful, with positive feedback on Chris’s delivery and the practical nature of the sessions. Initial apprehensions about engagement were overcome, resulting in active participation and constructive discussions.
Future Plans:
- Bowls Wales plans to conduct annual refresher sessions to maintain and enhance GDPR compliance.
- The organisation is now working towards Cyber Essentials certification, leveraging the newfound understanding and importance of cybersecurity among member organisations.
Conclusion: Through strategic partnership and tailored educational workshops, Bowls Wales has significantly improved its member organisations’ GDPR compliance and data protection practices. This initiative not only mitigates legal risks but also fosters a culture of data security and privacy, ensuring the long-term sustainability and integrity of the sport across Wales.