Does GDPR apply to sports clubs?
In short, yes. Yes, it does.
Unfortunately, there’s no getting away from May 2018’s General Data Protection Regulation (GDPR). And should the ICO come knocking at your door they’ll take no prisoners if you haven’t done anything about GDPR compliance.
GDPR applies whether you are a business to business (B2) organisation or business to consumer (B2C) organisation, such as a sports club. With GDPR you are accountable for the data you collect on people, what you do with it, and why you process it. What’s more, there are potential hefty fines for organisations, including sports clubs, if they are found to fall foul of GDPR. Fines running in to the thousands of pounds.
"The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU."
Source: The ICO – full article
What does GDPR mean for grassroots sports clubs?
Any member of a sports club, or in the case of children, their parents, have the right to ask to see all of the information you hold on them as of 25th May 2018. Should this happen to you, you will have 30 calendar days to present this data to them in an easy to use and ‘transferable’ format. A few printed sheets of A4 won’t do.
If you fail to provide the data in a digital format, they (the sports club member or parent) have the right to report you to the ICO. The ICO may then investigate you. Some see an investigation by the ICO as being as serious as a VAT inspection.
In addition, the member or the parent asking for information has the right to ask you to change the information you have on them (or their children). They also have the right to request data to be deleted or request to be permanently deleted from your files altogether. This applies to members and non-members of a sports club as well as live, dormant or inactive members.
These are just a few of the big headlines.
But don’t panic – Simply subscribe to our GDRP mailing list & we will send you our FREE GDPR guide and Check Sheet: 15 GDPR Essentials for Sports Clubs.
GDPR isn’t just for big businesses
The GDPR has been bubbling over in the business world for more than two years now. From Google, Facebook, Amazon, and Apple, to all of the banks, insurance companies and supermarkets. Many big organisations had teams of people dedicated to ensuring they were compliant with GDPR by the 25th May 2018.
We’ve been writing about GDPR for well over a year now on our blog, but we’re still encountering a lot of people in the sports world who mistakenly believe that GDPR does not affect them. The reality is though, it does. It’s very important that every sports club owner, coach, manager and helper should at least be aware of GDPR. They should also have an understanding of how it will affect their club.
"You’ll have to comply with the GDPR regardless of your size, if you process personal data."
Source: The ICO – full article
Data protection policy for sports clubs
The GDPR is essentially an update to the Data Protection Act 1998 (DPA). GDPR is based on a similar framework, but with several key enhancements built in to bring the legislation up to date for modern times. The legislation is a long overdue update of outdated data protection laws and should be embraced by organisations and not simply met with objection.
Sports clubs are organisations reliant on data to operate and as such regulations should apply. Even if clubs have been compliant with the DPA there are quite a few changes they should be aware of. Here’s a useful article ‘straight from the horse’s mouth’ to help you understand the differences.
Sport England and GDPR
With GDPR guidance in a state of flux, unfortunately even some of the bigger sports web portals out there don’t seem to have a great deal of GDPR guidance on their websites. Sport England and The Sport and Recreation Alliance are working on GDPR specific content that is due for imminent release (as at 23/02/18). Watch this space and we’ll provide a link as soon as we find out any more.
The Sport & Recreation Alliance does offer ‘10 questions to help you navigate your way through GDPR’ and also held a one-day workshop in 2017 but these are only open to members. Membership starts at £145pa and is based on a sports club’s size and turnover.
UPDATE 18/05/18 – Sport England and The Sport and Recreation Alliance have produced a suite of GDPR specific templates, guidance and advice aimed specifically at sports organisations, including grassroots clubs. We think this is absolutely fantastic news and will really help every sports club in the UK. More information can be found here.
GDPR Fast Track for your sports clubs
We at Coacha can not only help you to understand GDPR, but also help with getting you GDPR compliant. Coacha users will have the tools to get up to a good 75% of the way towards ongoing GDPR compliance just by simply subscribing to our software (Coacha2.0*).
Unlike with many of our competitors, we’ve built GDPR compliance tools into the heart of our software, which is designed specifically for sports clubs. Whilst some claim that SSL will help make clubs complaint, which it will, SSL alone is nowhere near enough. Wholehearted updates to core functionality are required. Updates that made to Coacha2.0.
These updates have been at great cost to ourselves. And, as always, none of these costs are passed on to our loyal subscribers either by increasing fees or further marking up transaction charges. The upping of transaction fees is often used to cover substantial software updates. Check out your software’s transaction fees and compare them to Coacha’s. Are you paying over the odds?
GDPR Compliance Software for sport clubs
With a whole host of GDPR compliance features having been built in to Coacha 2.0, sports clubs can become GDPR compliant quicker and with a lot of the admin hassle eliminated. What’s more, with our Member Portal, members and/or their parents can login to see information for themselves, saving you yet more time and admin.
This direct access to data is the gold standard of GDPR compliance.
All the data you hold on members is at their fingertips, or the fingertips of their parents. This includes all personal data, as well as their medical information. They can also access any financial info held on them as well as see every training session or event they’ve attended. If it is stored in Coacha, they will be able to access it.
And what’s more, you’ll be notified each time a person accesses their information from Coacha. You’ll be able to share your data without you or your coaching staff having to perform any admin at all.
Remember – if you keep information on people, any information at all, then under GDPR they have the right to see it. There are however some complexities, especially where information has an impact on safeguarding children (keep an eye out for our forthcoming blogpost on Safeguarding & GDPR**).
**Update July 2018 - Coacha2.0 now allows you to upgrade a note to a 'safeguarding note' which makes this information exempt from instant data download.
* please note that Coacha2.0 launched on July 1st 2018 at no extra cost to the previous version.
Coacha are committed to helping clubs with GDPR as well as safeguarding children. They’re both at the very heart of our software.
Chris Davis – Coach & Coacha co-founder