A Sports Club’s Guide to GDPR Compliance

GDPR Compliance

In April 2017, the European Union passed the General Data Protection Regulation (GDPR). It will take effect in 2018. This law covers not only businesses but sports clubs as well, since clubs also handle sensitive personal data that their members entrust to them. Here is a guide to GDPR compliance and how it will affect the way your sports club needs to handle data:

How Your Sports Club’s Members Will Benefit from the GDPR

The GDPR will harmonise the data regulations of all EU member nations, better protecting EU businesses and organisations from data breaches, which are all too common in today’s digital environment.

What Does the GDPR Require of Sports Club Administrations?

Starting from 25th May 2018, your club must have a secure way to archive your members’ sensitive personal data. You must also track your audits of these data. If a breach occurs, you must notify your nation’s data authorities within 72 hours. For UK residents, the proper authority is the Information Commissioner’s Office (ICO). If your club fails to follow these regulations, you may be subjected to GDPR fines greater than €20 million or four percent of your club’s previous year’s revenue – a hefty sum.

If your club handles a lot of sensitive data, you must appoint a data protection officer. It will be important for your club to provide that officer with effective tools for proper data governance.