A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 8 June 2018
It can be a challenge for sporting bodies to meet their obligations under existing data protection law, not to mention the enhanced obligations under the General Data Protection Regulation ("GDPR"). However, because of the GDPR, data protection is a significant risk management issue. Like any other risk, it needs to be assessed, continually monitored and in many cases insured against. Fines under the GDPR will increase, as will the scope of compensation payable to data subject whose rights have been breached.
This article by Aidan Healy considers the challenges of the GDPR, as well as existing regulations such as the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (which are particularly relevant as regards fundraising) and the steps sporting bodies need to take.
The GDPR, as I'm sure readers are well aware, came into effect on 25 May 2018. It represents a development of data protection law rather than a rewrite. Many of the GDPR's requirements are already in place under existing data protection law. It is important to stress that data protection is principles-based and so the answer to any question will often be 'it depends' and may differ from organisation to organisation. This leads to uncertainty in many sectors and this is not helped by one-size fits all software solutions promising GDPR 'compliance'.
There is no exemption for the sports sector in terms of the fines and compensation which could arise. While the maximum fine of the higher of €20 million or 4% of turnover has been much heralded, the ability of data subjects to claim compensation for breaches of their data protection rights, even where they have suffered no financial loss, is a more clear and present danger for organisations.
It isn’t possible in the space available to deal comprehensively with a behemoth like the GDPR and so the following are some top tips for sports bodies and common myths about the GDPR.
1Soft opt-in works is as follows (i) you must be marketing a product or service similar to that which you sold to the customer when you obtained their contact details, (ii) when you obtained their details, you gave them a chance to opt-out of their details being used for marketing purposes and (iii) each time you send a marketing message, you give the customer the right to opt-out of receiving further messages and (iv) communications must be sent within 12 months of the original sale or the last electronic communication.2This means that you can market to them provided you have previously given them the option not to receive such marketing and they have not availed of this option.3This means you can only market an individual where you have their explicit consent to do so.4National Directory Database.
+353 (0)1 231 9654
+353 (0)86 042 4405
+353 (0)123 19669
+353 (0) 12319691
+353 (0)1 231 9675
Hans Allnutt, Rhiannon Webster
Rhiannon Webster, Hans Allnutt