The information on this website is not legal advice. It is presented as useful information for teams, clubs, leagues, counties and organisations involved in sport, and does not replace professional advice tailored to your organisation by a solicitor / attorney working on your behalf.
Your Sports Connections Limited accepts no responsibility or liability for the accuracy of the information presented. Please seek your own legal advice.
What is the GDPR?
The General Data Protection Regulation is intended to unify data protection law for all individuals within the United Kingdom and European Union.
Why does it exist?
The aim of the GDPR is to protect all UK and EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.
Does the GDPR apply to my organisation?
The GDPR applies to any organisation (not just businesses) that holds, uses or shares information relating to an individual. This includes organisations that monitor or track the behaviour of UK or EU individuals, store data on them, or sell to individuals within the UK or EU. In practice this means that most sports organisations that maintain a membership list or database need to comply, and that organisations based outside the UK and EU that sell to, or store data on, UK or EU individuals must also be compliant.
Which data is the GDPR concerned with?
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
What does my organisation need to do to become compliant?
Where you collect and/or share personal data relating to an individual, you need to provide them with certain information, including (but not limited to) how you will use their data, whether you will share their data, and the individual’s rights in relation to their information (see our GDPR Toolkit for further information).
Store personal data exclusively in GDPR-compliant systems such as Your Sports Connections
Stop sending and storing PII via non-GDPR-compliant systems (unaudited spreadsheets, pieces of paper)
Where necessary, have processes in place to gain consent for the data you hold (see the consent form contained within our GDPR Toolkit)
Decide on appropriate retention policies for each type of data stored
Put in place appropriate organisational and technical measures to protect personal data
Where required, record your data processing activities and appoint a data protection officer
Undertake data protection impact assessments where necessary
Have processes in place to respond to data subject requests in a timely manner
The above is not a definitive list of the steps you should take. For further comprehensive information on the steps you should be taking to ensure compliance with the GDPR, please see the ICO guidance: