How you communicate with club members takes on greater importance from May 2018 when the new General Data Protection Regulation (GDPR) comes into force on May 25th. Is your sports club prepared?
Has you club started its GDPR journey? Have you appointed a Data Protection Officer? Do you need to? Are third parties your club deals with compliant? Are your communications tools compliant?
There are many questions raised for sports clubs as a result of GDPR and ensuring your communications tools and data management are GDPR-friendly is a must for all sports organisations.
GDPR Compliance for Sports Clubs in Ireland
What is General Data Protection Regulation (GDPR)?
General Data Protection Regulation (GDPR) comes into force across Europe from 25th May 2018, a looming deadline for all sports organisations to comply with the legislation and be able to demonstrate compliance.
The regulation came into effect on 27th April 2016 but becomes enforceable in May 2018 after a two-year transition period. It replaces the 1995 Data Protection Directive.
GDPR legislation requires all sports clubs (as data controllers and processors) to demonstrate how they obtained consent from data subjects for fair & lawful usage and for a specific purpose. They must ensure data is accurate; retained for as long as necessary for the intended purpose; collected only for its intended purpose; processed securely and the club is full responsible and able to demonstrate compliance with the new regulation.
There are seven principles of GDPR, five of which have a direct impact on sports clubs, governing bodies and affiliate entities who deal directly with personal data.
- Processing of Data
- Lawfulness of Processing
- Conditions of Consent
- Conditions Applicable to Consent of Children
- Processing of special categories of personal data (not applicable*)
- Processing of personal data relating to criminal convictions and offences (not applicable*)
- Processing which does not require identification
Does GDPR Apply To My Local Sports Club?
In short, it most likely does. If you collect or hold personal data for members and/or volunteers for your local club whether it’s GAA, football, basketball, tennis or cricket (or any sport), you have a responsibility to be compliant with the terms of GDPR.
What is personal data?
Personal data is any piece of information that can be used to identify a person. Examples of Personal Data which sports clubs typically hold:
- Name, Surname
- Date of Birth
- Telephone Number
- Email Address
- Photographs, IDs
The full text of the GDPR legislation is an 88-page document from The European Parliament and The Council of The European Union detailing the protection of natural persons and the processing of their data.
The most common roles that sports clubs need to be aware of in the context of GDPR are outlined below:
A data subject is any person for whom data is held – so in the case of sports clubs, this is the average member of a club. All data subjects have the right to access, receive, erase, rectify, restrict processing and object to processing at any time.
Clubs and club volunteers (as club representatives) are controllers of data relating to data subjects and have specific responsibilities under the new legislation.
Data Processors include organisations like MyClubFinances.com and National Governing Bodies (GAA, FAI etc.) who are responsible for processing data on behalf of controllers. Data Processors responsibilities and obligations are also specified in the GDPR legislation.
Data Protection Officer
Some organisations (such as government bodies) must appoint a Data Protection Officer. It’s not required for sports clubs but it is recommended that a single point of contact (e.g. the Registrar) takes responsibility for ensuring data compliance.
MyClubFinances.com has helped sports clubs to manage their data for 10 years. We are Certified Data Protection Practitioners since 2014 and more recently have worked with external data protection experts and security consultants to ensure our process and policies are of the highest standards and in line with the new regulation.
Find Out More
Is your sports club GDPR compliant? Talk to MyClubFinances.com today to demystify the forthcoming GDPR legislation and learn how we can help your club in complying with the laws around data protection.