GDPR in sport software

Information privacy and data protection laws in sport

Privacy and data protection laws in the US are most likely to tighten over the next couple of years. California have already passed laws that place greater control of personal data in the hands of individuals themselves, so will other states follow?

Many observers believe that they will. And many also believe that new laws will follow a similar path to California and be based on Europe’s 2018 General Data Protection Regulations, or “GDPR”.

“The GDPR is setting a global standard, and U.S. companies will need to comply,” says Marc Rotenberg, president of the Electronic Privacy Information Center, a Washington, D.C., advocacy group. “Big U.S. firms are already required to comply with the GDPR for European markets, so it makes sense to extend a similar approach to the U.S.”

Source: http://fortune.com/2018/11/29/federal-data-privacy-law/

With technology giants such as Google and Apple backing demands for law reforms, there’s no doubt that many other tech and software companies will follow their lead. And we at Coacha believe the sports tech industry should do the same.

In fact, we are actively championing it.

Will changes in privacy laws effect you and your organisation?

The answer to this question will be a resounding yes. With this in mind then, what do you need to do?

You will need to think more about the data you process and how your students can have greater access and control of it. Can you give them this access already? Can they amend or update the info you have on them? Or their children? Can you honestly say that all the personal information you have is safe and secure?

Whatever you do, don’t panic. There’s an option open to you that that involves far less work for you than you would think to get on top of these things. An option that will help you to massively improve how you look after and process people’s data.

It’s also an option that could help save you money. And also vastly reduce a lot of your valuable time spent on sometimes unnecessary admin.

Why not show your
students (and especially parents of younger students) that you really take information privacy and data protection seriously in your organisation? Only positive things will come out of it, and we can say that based on experience.

GDPR grass roots sports clubs

GDPR fines for sports clubs

Data Protection, GDPR and the EU & UK

Whilst the information to follow on this page is specific to the EU and UK, it’s likely much of it will become relevant in the US during 2019 / 2020 and beyond. It’s also likely to apply to varying degrees from state to state.

This article intends to provide useful information that may have an impact on US Data Protection Laws and Information Privacy (GDPR in the EU & UK). It will be of interest to people involved with running any type and size of organization, club, association, programme or league.

However, this info is especially useful if you are involved with running or coaching at a sports club. We’re passionate about GDPR for sports clubs in the EU and want to share our knowledge with you and your organisation.

The FREE information on our website includes guides and templates, as well as simple explanations (in plain English) of some pretty complex EU legislation and what it means. There’s also the opportunity for you to hit the ‘gold standard’ by giving your
students control over their own data. This functionality lies at the very heart of emerging changes to Data Protection Laws and Information Privacy.

So, will new data protection laws effect small clubs?

Any organization of any size that collects and uses personal data is subject to the GDPR in the UK & EU. Whether a business, a government body, a sports club or a social club or society, GDPR absolutely does apply. Turning a blind eye to it, or simply ignoring compliance requirements, may result in a fines to organizations irrespective of how big they are.

The same is true of any sport. Data protection laws are as applicable to small clubs as they are to large global multinational companies. It’s likely that the same will apply to the US with any changes in information privacy laws.

GDPR and small sports clubs

How will new privacy laws affect sports clubs?

For any type of club in the EU & UK, the main impact of GDPR has been around systems and process involved with collecting, storing and using people’s personal data. This ranges from email addresses through to personal medial notes. Next of kin information through to safeguarding information. Most information that is ‘personal’ will fall under any changes in legislation, as they have with the GDPR.

So, what can you do to get ready for any changes?

Well, if there were clearly defined process you would be able able to get your organization on the road to compliance and avoid any potential fines. Unfortunately, these guidelines don’t exist in the US - yet. But that doesn’t mean you can’t start to think about them.

As part of this thinking, you should think about what personal data you need, how best to process it, and demonstrate at least a basic understanding of what data protection and privacy laws are.

These are all things we at Coacha can help you with – and at no cost to you or your club. Our membership management software is packed full of data privacy features that will help you secure your
students details. It will also give your students greater control over their own data too. Win, win.

To see how, check out our Club Management Software article.

7 incredibly useful information privacy and data protection resources

As we’ve already mentioned in this article, information privacy and data protection laws in the US aren’t as tight as they are the EU and the UK. With California potentially setting the precedence for new US laws that other states are likely to follow, Europe’s GDPR will give a lot of insights in to how these new laws may look.

Very important notice:

These 7 incredibly useful resources are specific to the GDPR in the EU and UK and are located on our UK website (links provided below). The information discussed in the resources is not applicable to the US organizations (clubs etc.) with US based customers (athletes, students, players, etc).

However, they can offer guidance on what organizations like yours should start to consider in preparation for changes to US laws. They also highlight why it’s important that you know what any changes to the law could mean to both you and your


information privacy resources for sports clubs

sports coaches

1 – FREE guide to information privacy and data protection in sport

Download a completely FREE GDPR in Sport guide

This guide is essential reading for anyone that is involved with a club. Any type of club – sports, social or otherwise. You will not only find out more about GDPR itself, but you’ll also get a FREE 22-point check sheet. Plus, links to download a FREE Privacy Impact Assessment (PIA) which organizations in the EU and UK will need to complete as part of GDPR compliance.

The guide also has links to further useful resources on the web which include really useful information from the UK’s Information Commissioners Office (ICO) and also the NSPCCs child protection in sport best practice guidelines. Also, as the GDPR is relatively new, it is constantly evolving and being updated. As part of downloading this completely FREE guide, we’ll even send you notifications of whenever we update the document.

Feel free to pass this on to anyone you think may benefit from seeing it. We would suggest though that you get them to join our mailing list and update service, so they too can benefit from the GDPR (and other) information we regularly share.

2 – Data protection in sport: What it means for sports Coaches like you

In this article you will: discover how GDPR in Sport will affect you.

One of the most popular pageson our UK website, this article really explores what GDPR means for clubs and coaches. It takes a good look at how GDPR will affect people and exactly where they should get started with tacking GDPR.

There’s info discussing how there’s a need to update privacy policies, and also many useful links showing how other organisations are tackling GDPR. Links to both sports related websites as well as examples of larger non-sport related portals such as the BBC.

We delve in to what it means if people ask for a copy of the data that you hold on them alongside them having the right to update the data and also the ‘right to be forgotten’ completely. In the EU and UK, if people do want a copy of the data held on them, it needs to be provided to them in an electronic / digital format that they can take away and use elsewhere (as a CSV file for example).

The piece also draws similarities between the ICO and the inland revenue (the new ‘VAT-Man’) and why fines are, and will continue to be, dished out to any type of organization falling foul of GDPR.

Finally, the importance of Data Security is covered as well as why it’s important that you’re an organization’s team are made aware of the importance of GDPR and what they should be doing to help your their club.



What is GDPR in sport?

GDPR in sport documentation

3 - What is data privacy and how should you be preparing for it?

In this article you will: see why Sports Club GDPR is important to all clubs.

This is a meaty article and not for the feint hearted. However, we really boil down information that the ICO put out back in 2017 in their bright yellow publication ‘Preparing for the General Data Protection Regulation (GDPR) - 12 steps to take now’, so it’s worth a read.

The article explores the 12 steps and explains what they are. The 12 steps include:

1. Awareness
2. Information you hold
3. Communicating privacy information
4. Individuals’ rights
5. Subject access requests
6. Lawful basis for processing personal data
7. Consent
8. Children
9. Data breaches 10. Data protection by Design and Data Protection Impact Assessments
11. Data Protection Officers (DPO)
12. International

4 - What documentation does my sports club need?

In this article you will: get FREE sports club GDPR templates and guidance on how to use them in the EU and UK.

In the business world, having bespoke GDPR documentation produced is a costly process. Even small businesses don’t see much change out of US$2,000. The same would be true for any club if they were to pay an attorney to have their own produced.

Fortunately, Sport England and The Sport & Recreation Alliance have produced an incredible set of documents that any UK based sports club is able to download and use for their own purposes.

The process starts off with a GDPR Compliance Questionnaire which is designed to get people thinking about GDPR and how their club processes personal data. There are several Privacy Policy templates for them to choose from as well as a Data Protection Policy, Individual Rights Documentation and a Data Protection Impact Assessment (DPIA) template – all of which organizations free to personalise for their clubs.

Add to this guidance for Direct Marketing under GDPR and lots of additional notes, the Sport England and The Sport & Recreation Alliance really have delivered top notch guidance and direction.

In this article not only do we provide links to these documents, but we also provide an overview of what they are. And there are a lot of them! Use this article to help you get through what the documents are and what they should be used for.



cloud based sports software

100% GDPR compliance

5 - Will computer or cloud-based software help me with compliance?

In this article you will: see if software for sports clubs can help with your GDPR compliance.

Whilst there is no software that can help you with some of the decisions you need to make about processing data (deciding which legal bases to choose for example), there are tools to help you build information privacy into your club’s day to day running.

This article looks at some frequently asked questions about software (and Apps) and how it can both help save you lots of time on admin and help with your club’s on-going data protection compliance.

Questions like:

‘How do I let people amend the data I hold on them, or their children?’
‘How can I give my
students an electronic copy of the info I have on them, or on their child?’
‘Why should I complete a Privacy Impact Assessment?’
‘How can I get my coaching staff to record information correctly’?

With the solution in place, people in the EU and UK could be well on their way to achieving a good 75% of their ongoing compliance in next to no time. And all for a lot less effort than you would think.

6 - Can a piece of sports club software make you 100% compliant?

In this article you will: find out how by using sports club software will be on your way to information privacy and data protection law compliance.

We’re all looking for help or short cuts with admin, especially when it comes to running and managing a sports club (or any other type of club for that matter). None of us signed up to spend hours and hours sorting out paperwork and getting around all of the red tape.

Whilst there is no magic software solution that will make you 100% complaint there is a way to get you a good deal of the way there. However, choosing the right software combined with an awareness of information privacy and data protection law will make sure that you are well on the road to getting your club ship shape and ready for any legal changes to come.



Data protection for sports clubs

Sport England, NGBs and GDPR

7 - The Gold Standard of giving people access to their personal data

In this article you will: see that you can give people direct access to a submit a Subject Access Request using a sports club management system.

When it comes to GDPR, the ‘standard’ and therefore minimum requirements that people must meet when their club
students / parent submit a Subject Access Request (or a Data Request) are:

• Provide them with their data within 30 days of them asking for it
• Provide it to them in a digital format that is easily transferable and can be used elsewhere (such as a CSV file for example)
• Supply them with the information using a secure process

It’s widely accepted that GDPR will bring more admin to any type of club. There more
students a club has, the more admin this could potentially involve, especially if there aren’t robust systems in place.

By using software that enables secure logins by
students / parents themselves to access the data you hold on them, huge amounts of your time can be saved when people ask to see their data. The same is true for updating and deleting any personal data.

Although quite a small article, this piece shows you that there is a way to accelerate your data protection compliance process, and at the same time save lots of time on your club admin.


In the UK, Sport England and The Sport and Recreation Alliance pushed out their GDRP documentation mid-May 2018 and many of the UK’s official NGBs have followed suit. Most NGBs have taken the templates produced by Sport England and The Sport and Recreation Alliance and personalised them for their own sport.

If you belong to either an official or unofficial NGB in the US it’s worth visiting their website and doing a search for ‘GDPR’ and see what comes up. This will give you an idea of how new data protection laws have affected your sport in the UK, and show you what may be arriving in the US.

Some NGBs have been quicker than others when it comes to GDPR so where info seems to be missing on their sites it may simply be a case that they have yet to add it.


GDPR and Coacha Software

Sport England, NGBs and GDPR

The Legal Stuff

The content of this article is intended to provide a general guide and observations to information privacy and data protection laws in the EU and UK and how GDPR may have an effect in the US on any changes to US laws. It is not a statement of fact and only the authors observations. It is also not to be regarded as a substitute for consultation with a legal specialist who can advise you with a focus on your specific circumstance. Specialist advice should be sought about your specific circumstances..

  • *
  • *
  • *
  • *
  • *