Data Protection Impact Assessment (DPIA)

This is our assessment into the risk of the more sensitive data on Athlete Manager.

In this document, "we" or "our" refers to Athlete Manager, "you" refers to you and your account and "group" and "club" can be used interchangeably to mean any organisation or charitable cause that is associated with Special Olympics GB.

This DPIA has been filled out as some of the information on Athlete Manager may be sensitive.

  1. The data on Athlete Manager can be split into group requested and 'generic' data. Group requested data would be custom forms that groups create with specific questions whereas generic data would be the name, age, sex, gender and contact details of the individual.
  2. For group requested data...
    1. The group would control the scope of the form, it may be required for guardians, volunteers and athletes or any combination of individuals.
    2. The context could vary from general group administration to specific questions for a certain event.
    3. Before publishing a form, the group must confirm that the form is compliant under the DPA and, in particular, that it does not ask questions 'just in case'.
    4. Some questions may be particularly sensitive. In this case, the form overall can be marked as 'sensitive'. This means only volunteers with a certain permission on the system will be able to access the data in the form.
    5. The risk overall is low as there is not a high risk of harm coming from the data that groups in general will require.
  3. For generic data...
    1. The nature of the generic data points is to only enter data once for certain questions that are likely to be asked by any group the individual is involved in. For example, every group will want to know the age of the individual.
    2. The scope is system wide, every individual on the system can provide their sex, gender and age.
    3. Volunteers and guardians can supply an email address and phone number for contact details. These can only be accessed by volunteers with the correct permission.
    4. For this data, the risk to most individuals is also low. A potential discrimination issue may arise from someone's biological sex not matching their stated gender. This is deemed to be unlikely on a system where the only people with access to that information would be those at the group they are already involved with.

The overall risk to data on the system is low and whilst some of the data for some individuals may relate to health questions, it is unlikely that these questions will be too probing. The questions should be just sufficient enough for the group that asked the questions to be able to implement any requirements or put in place any safeguards for the individual. For anyone that feels like they are being asked questions that are not justifiable, they can contact us via email and we can look into it.