Get ready for GDPR: Our best suggestions

Data protection has hit the radar of sports organisations following high-profile data leaks and cyber-attacks. The European Union (EU) has reacted to these by drawing up the General Data Protection Regulation (GDPR), which is already in force. Active Sussex are in a period of implementation, with the deadline for compliance set at 25 May 2018.

It may sound like a while off, but there are some key changes that will affect sports clubs/organisations and need addressing. With Brexit anticipated for April 2019, current indications are that the GDPR will be applicable in the UK initially. Post-Brexit, the UK will have the option of developing its own law that is deemed adequate by EU regulators (but which is expected to follow GDPR principles).

What are the key things to consider?

All sports clubs/organisations need to ensure with regard to personal data that:

  • they process it securely
  • it is updated regularly and accurately
  • it is limited to what the club/organisation needs
  • it is used only for the purpose for which it is collected, and
  • it is used for marketing purposes only if the individual has given the club/organisation consent to do so

Control of information

The GDPR applies to any data controllers or processors, so if you collect any personal data in running your club/organisation (which you definitely will do if you have any members), then the GDPR will apply to you! Your organisation’s key decision makers should be aware of the changes which will be brought in by the GDPR. Data protection should be a boardroom issue and board-level training made a priority. Identify who monitors data protection compliance, as you may need to appoint a Data Protection Officer.

Top ten steps for getting GDPR ready

Don’t risk huge fines and loss of reputation that could devastate your club/organisation. Use this checklist to make sure you are ready for GDPR compliance:

  1. Scan and shred as many hard copies as you possibly can
  2. Make sure that sensitive documents are filed immediately after printing
  3. Create anonymous print file names
  4. Avoid duplication of sensitive documents
  5. Encrypt data where possible
  6. Document changes to documents, as well as who changes them
  7. Update data often to keep it current and avoid errors
  8. Create stricter user permissions and protocol settings
  9. Review and update your club/organisation’s handling of children’s data
  10. Read the ICO guidance – take a look at the 12 steps to take now and the Getting ready for the GDPR self-assessment tools
