This is all well and good (and I have found the extensive replies above most informative - thanks chaps), but as I see it there is a disconnect between AUK on the one hand, and the organisers on the other.
While we organise under AUK rules, we do not do it as part of, or even on behalf of, AUK (though may be organising on behalf of another membership organisation like a cycling club, or CTC). So any opt-in or opt-out provided as part of the membership process arguably doesn't apply to us.
Which leaves us on our own. I'm not particularly bothered, as I do not retain any personal information except the actual entry forms, and do not propose to start direct marketing my event. But others could be affected.
I understand where you are coming from Phil and if you were just organising rides that were for your own and a number of other rider's personal enjoyment and maintained a personal email/contact list based on info they sent you directly (i.e. as Phil D, not AUK) then there's not problem. It could be argued that they still need an 'opt-out' but personal directories and mail lists are exempt from the DPA and P&EC regs.
However, you are effectively working on behalf of AUK if you are part of their data handling process and AUK should have a DP policy that covers your activity. This is not uncommon (volunteer based organisations do it all the time) and whilst the outworking might affect the way you handle data between you and AUK, in practice, I doubt it would make very little difference to what you do now or create any more work.
However, to safeguard both AUK and the privacy of its members, the DP policy should prohibit organisers from using this information for personal reasons or sharing it with another organisation.
Why is this?
Well, what can and does cause problems is when people start receiving
unsolicited emails from either an individual or another organisation (e.g. your CTC
DA Member Group) and feel that the information they have provided the original organisation (e.g. AUK) is being used for other reasons or passed onto 3rd party
without their consent. It's hardly an 'I'll see you in court thing' but it is bad practice and diminishes confidence in an organisation if they don't seem to be handling personal information securely and fairly.
<edit>
Reading your post again, I may have missed your point
but if you apply the same rules, if your club or your CTC group are collecting information on individuals and passing this onto AUK and off the back of this AUK starts sending that individual unsolicited emails, that's not good either. The onus falls on you/your club/your CTC group to get an individual's consent for this or AUK to provide an 'opt-out' in their mails.
</edit>
H