2. Which of the following are Personal Data Yes No
Address
Passport number
Medical records
Names on a team sheet
List of fixtures
Salary details
Accident record

3. Which of the following constitute data Yes No
Information stored on digital devices
Information on a selection notepad
Information on office records
Information on the club’s website
Information not obtained from the club

4. Do all breaches have to reported to the ICO? Yes No

5. How quickly must a Subject Access Request be answered Tick correct answer
48 hours
1 calendar week
1 calendar month

6. Which of these are processing? Tick correct answers
Obtaining information
Amending information
Recording information
Viewing information
Deleting information
Using information for selection

7. Does the club need to reply to Freedom of Information requests Yes No

8. Who is obliged to report breaches? Yes No
Just the DPO
Just the board of directors and the DPO
Just the board of directors, ManCom and the DPO
All members

9. To whom must a high risk breach be reported? Yes No
The ICO
The ICO and the individual affected in all high risk cases
The ICO and the individual affected if there is a high risk to the rights and freedoms of the individual

10.A Data Protection Impact Assessment is needed before implementing proposals which could result in a high risk to individual interests, Which of the following would require a DPIA ? Yes No
Installing CCTV cameras to record matches
Merging Clubbuzz records with office records
Appointing a new pitch cleaning company
Appointing a new payroll administrator
Moving physical records onto a website
Hall hire