Data Protection and the GDPR
On 25 May 2018, the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18) came into force.
Who is subject to the GDPR:
The GDPR applies in some way to any organisation which collects and processes personal data. This includes all sports clubs and governing bodies, whatever their size or level of funding.
It covers not only the personal data of a club’s members but also the data of the club’s employees or volunteers.
Sports clubs receiving individuals’ personal data and deciding what they do with it are deemed ‘Data Controllers’ under the law.
Clubs must ensure that any third parties engaged to process data on the club’s behalf, referred to under the law as Data Processors, also comply with the law. A data processor could be a marketing company engaged to carry out a campaign or survey on behalf of the club’s members (e.g. SurveyMonkey), a website host or data storage platform in the cloud that manages the club's data collection and storage.
Club Data Protection Policy
Privacy Notice
Who is subject to the GDPR:
The GDPR applies in some way to any organisation which collects and processes personal data. This includes all sports clubs and governing bodies, whatever their size or level of funding.
It covers not only the personal data of a club’s members but also the data of the club’s employees or volunteers.
Sports clubs receiving individuals’ personal data and deciding what they do with it are deemed ‘Data Controllers’ under the law.
Clubs must ensure that any third parties engaged to process data on the club’s behalf, referred to under the law as Data Processors, also comply with the law. A data processor could be a marketing company engaged to carry out a campaign or survey on behalf of the club’s members (e.g. SurveyMonkey), a website host or data storage platform in the cloud that manages the club's data collection and storage.
Club Data Protection Policy
Privacy Notice