Who's in your phonebook? A GDPR update for clubs

The helpline has been very successful in helping leagues and clubs adapt to the new General Data Protection Regulation (GDPR). Due to the volume of GDPR advice we’ve provided this year, we have noticed some patterns emerging in how the new legislation is affecting clubs at a grassroots level.

Data on devices

One such issue is due to the informal record systems of most grassroots clubs. Committee members usually access or hold some of their club’s personal data in their personal devices. This presents a problem when clubs split, or individual committee members leave to set up their own clubs.

If they then continue to use, access, copy or take personal data provided for the original club’s purposes with them, and hold that personal information, it constitutes a data security breach of the original club’s data.

This is unauthorised access to, and processing of, the personal data and the committee member is, knowingly or not, committing a possible offence by using the club’s original data for their own purposes.

Control access to personal data

Taking data in this way is a contravention of the GDPR by the individuals, and a data security breach of the club’s personal data. Both could result in separate and potentially severe sanctions by the ICO under GDPR.

Clubs should be aware of this risk, and of the importance of having clear and controlled access and data return measures imposed on committee members.

Our data protection team have advised numerous clubs and leagues on the above issue. We have also advised on a number of subject access requests, which can be a complex and time-consuming issue for clubs and leagues.

If you have any queries about the matters discussed please contact your dedicated team:

County FAs

Call 08448 240 432 or [email protected]

Chartered Standard Clubs