GDPR for Sports Clubs
The General Data Protection Regulation of EU became law of the 25th of May 2018 and most people have already received a lot of e-mails regarding updated conditions, privacy policies and declaration of consents. But what does this new set of rules mean for sports clubs? Even small clubs have to take action. SportMember gives you an overview and some guidelines for you to handle the situation and ensure compliance.
GDPR for sports clubs - what does it entail?
The GDPR has sharpened the requirements for the processing of personal data. The main purpose is to protect the people who are registered and ensure that the personal data is not misused. Furthermore, sports clubs are also obligated to meet new demands and requirements regarding documentation. Basically, this means that sports clubs must ensure that documentation of how the sports club process personal data must be easily accessed by the members of the club. This must be done by all sports club, even if it is a small club.
GDPR can be broken down into four headlines:
1. The purpose of the personal data processing in the club
All sorts of personal data processing must be lawful. Different lawful bases exist and can be exemplified by either fulfilling a contract with the registered, based on consent, legal obligation, or the purpose of a legitimate interest.
It is important to consider the lawfulness of the processing. In most cases, sports clubs will be able to process data from their members for the purpose of a legitimate interest as long as the processing serves the original purpose of the processing. Registration of name and contact information will be based on a legitimate purpose because sports clubs, of course, need to have a member database and be able to contact them. On the other hand, registration of civil status and job does not serve a purpose and should therefore not be registered by the club.
2. Records of processing activities (requirement of documentation)
The sports clubs are obligated to keep a record of their processing activities. This means that the sports clubs must be able to provide an overview or the processing which includes what information is processed, how the information is processed, receivers of the information, etc.
3. Privacy policy (information to be provided)
Sports clubs are now obligated to provide information on when the personal data is processed. A workaround for the clubs is to have a privacy policy where the sports club can inform the members of every aspect of the data processing. The privacy policy must cover information regarding which, how, and why the personal information is processing. Furthermore, contact information to the person in charge of the data protection.
4. Data security
The sports club must be able to guarantee a sufficient security regarding the processing activities. Furthermore, the sports clubs are obligated to notify the supervisory authority in case of a personal data breach.
The sports club as the data controller
Sportmember have a data protection policy for clubs. It is important to understand the terms data controller and data processor because the requirements are different. Sports club are registering and storing information about their members which makes them data controllers. Even if the club uses a third party service like SportMember, the responsibilities lie with the club. But what does it even mean to be data controller?
As data controller, the club is among other things responsible for the lawfulness of the processing. The data controller is also required to inform the members about the processing and notify the supervisory authorities in case of a breach. Last but not least, if services like SportMember are used by the sports club they must have a data processing agreement.
Data controller - how to handle club membership lists
If you haven't already done it, you'll have to make some adjustments on how club membership lists are stored. Simply storing data in any binder that can lay around scattered in the club office is not allowed anymore! If you have membership lists in physical binders they must be stored in a place where only you, as data controller, have access. If you have it stored on a desktop, the desktop has to be protected by a password.
SportMember as the data protection policy for clubs
The GDPR was created for the safety of the people. Here at SportMember, we understand that this new legislation can be quite difficult to cope with for the sports clubs. Therefore, SportMember has tried to ensure a smooth and easy way to handle the GDPR. Among other things, we have updated our terms & conditions and our privacy policy which all of our users must accept. These updates are in order to meet the rights of the users so SportMember can continue to make everyday tasks of a sports club easy. SportMember ensures the security of the data processing, so the clubs and their members safely can use SportMember to handle your data.
How SportMember handles GDPR for sports clubs
SportMember takes over the role of Data Processor, so you can also spare a large part of the work and not worry about overstepping any laws. We have consulted specialized lawyers to ensure that SportMember is fully GDPR compliant. All relevant contracts, declarations of consent etc. for the use of SportMember have been updated in terms & conditions and the privacy policy, and has be agreed upon by any sports club member before use. Of course, SportMember will also handle data security of your membership lists, so you can safely store your data at us.
GDPR small clubs template
When your sports club is handling the documentation, is it important to have an overview of all processing activities that take place in the club. To complete the record of processing activities and privacy policy can be a big task. In order to help your club and make the process easier, templates are available from Information Commissioner's Office here.
FAQ concerning GDPR
Do we need to make our own data processing agreement with SportMember?
No. Here at SportMember, we have made it easy for your club! There is already a data processing agreement waiting for you when you create a club here at SportMember. This means that your club does not need to worry about developing a data processing agreement from scratch. SportMember has a standardized data processing agreement and therefore we do not accept data processing agreement for every club due to our capacity.
Are the users able to delete their own account?
SportMember has made it available for the users to delete their own account. However, it is important to mention that our personal data conditions state special cases if a user, for example, has not paid their membership fee.
Is the club admin able to delete accounts from SportMember?
No. The user has ownership of their own account. But the club admin has the ability to remove the relationship between a user and the respective club. In this case, the club will no longer be data controller of the given user, since the user will still be active on SportMember and be able to connect to a new club. SportMember will from here on be data controller for that user.
GDPR CHECKLIST
- 1 Make an overview of all your processing activities
- 2 Create documentation. Keep a record of your processing activitites for the supervisory authorities
- 3 Develop a privacy policy and ensure all of your members are aware of it
- 4 Enter into data processing agreements if you use third parties to process your data
- 5 Select a contact person that is responsible for data security in your club.What about our members' rights and our obligation to inform about processing activities?
SportMember has ensured that terms & conditions and the privacy policy are up to date so the data processing performed by SportMember is transparent and understandable. We inform about the purpose of the processing, the rights of the users and about special conditions regarding deletion and erasure.
Furthermore, SportMember offers a free website where it is possible for your club to make your privacy policy easily accessible to all members. Your club will also have the opportunity to inform about changes to all of your members through our communication system.
SportMember is trying to make everyday tasks as easy as possible. Therefore, we will keep updating our service and its functionality to be at its best at all times - also regarding the GDPR. If you have further questions, feel free to contact us.