Data protection guidance for clubs

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. GDPR replaces the old Data Protection Act 1998 (DPA).

Although many of the GDPR’s main concepts and principles are much the same as those under the DPA, there are a number of changes for clubs to consider.

Sport England recently commissioned the Sport and Recreation Alliance to lead a project to help support the sport sector meet the legislative requirements of GDPR.

Head to the Sport and Recreation Alliance Website to access further guidance documents.

There are also a range of guidance documents on the Information Commissioners Office (ICO) website.

The ICO is the regulator for data protection and have issued the following statement:

To small and micro businesses, clubs and associations who are not quite there, I say … don’t panic! As the new ICO Regulatory Action Policy, out for consultation very shortly, sets out, we pride ourselves on being a fair and proportionate regulator.

That will continue under the GDPR. The 25 May is not the end of anything. It is the beginning, and the important thing is to take concrete steps to implement your new responsibilities — to better protect customer data. My office has lots of resources to help you do that.

Top