Your inboxes are being swamped with calls to action, to update your permissions or to lose access to information that you might have taken for granted but never formally requested.
GDPR or the General Data Protection Regulations are only three days away and if you haven’t done so yet you might need to update your own permissions from this morning’s Sport for Business Daily Digest if you want to keep on getting our news and analysis delivered by mail. If you are a member then fine but if you are reading as a guest, the times are about to change.
Sport is of course so much wider than one email news Digest and the GDPR horizon has seen a lot of activity from clubs and National Governing Bodies over recent months, weeks and days.
We caught up with Sport for Business member Warren Healy, the CEO of My Club Finances to get some guidance for you on what happens after Friday.
With GDPR right on us now is May 25th a shutdown date for sports organisations and clubs if they have not got explicit permission?
The rule for after the 25th is that if you have previously obtained the data lawfully and have used the data to communicate over the last 12 months, you can still use it now and no new consent is required. However, all communications need to have an ‘unsubscribe’ button and the data subject (communications receiver) should be able to change their minds at any time – they should be able to opt-in and opt-out for communications as they choose.
For those still in the process of asking permission, is there leeway on sending reminders?
If you are unsure as to how you obtained the data and are not sure if you received consent to communicate, then no, there is no leeway, unfortunately. The cut-off date for compliance is the 25th – this includes being able to demonstrate where consent was granted originally.
What have been the main issues you have seen through MyClubFinances.com?
We are seeing a dramatic increase in Subject Access Requests and Right to be Forgotten requests from members through their clubs. We anticipate that this will continue to be significant, certainly for the remainder of 2018. Based on what we are seeing now, we think it will spike initially and level off over time as more clubs become compliant and members become comfortable that their clubs are taking their data seriously.
If a club is using a centralised system, then it is relatively easy to comply with these requests and we do the work for clubs on the MyClubFinances.com platform. In our experience, the vast majority of clubs are taking GDPR seriously and are doing the level best to be compliant.
We have also seen a dramatic increase in the number of clubs joining the platform as they increasingly look to systems to save time and be compliant with GDPR and the old way – paper and Excel spreadsheets etc. is not acceptable any more as it’s less secure and more error prone.
How compliant would you say the sports sector is versus others?
We see that the majority of NGB’s have given clear and concise direction to their clubs and most are making significant efforts to comply. In the unfortunate event of a breach, it will be important that clubs and NGB’s can demonstrate that appropriate steps were taken to be compliant.
How compliant would you think Ireland is versus others?
Ireland tends to lead the way with regard to being compliant with EU regulations. From what we can see across the EU, we think the experience with GDPR is no different – as a nation we are taking it seriously. It is remarkable how much GDPR has broken through the normal noise to become a topic of conversation in almost all sports clubs and the population in general.
If you are unsure as to whether it’s ‘OK’ or not to send mail do you have any rules of thumb that you would recommend?
If you find yourself questioning whether you should or should not sent, I would always refer to question 1 above – how did you obtain the information and did you get consent to communicate – this is the key consideration. If you are doubtful, then I would not use the data to communicate and it might be a good opportunity to start again in a systematised way.
So there you have it. Hopefully, everybody has been doing their best and will act in good faith once the day has passed. There will be fewer emails whizzing around on Monday than on Friday but if you realise you are missing something well you can always sign up again. You know it might not be a bad thing at all.
If you are still in the dark, all attendees at next week’s Federation of Irish Sport Annual Conference will receive a free online GDPR Awareness Course as well as insight into how New Zealand has scaled the heights of high performance as well as participation sport.
You can find out more and book tickets here.