General Data Protection Regulations
Ensuring our members are equipped for the changes
GDPR IS COMING - ARE YOU COMPLIANT?
The new GDPR will replace the current data protection regulations as of 25th May 2018.
Get In Touch
Support available for Charter Standard Clubs.
Call: 0191 211 7799
Email: CSLegalHelp@theFA.com
Tweet: @MuckleLLP
CHARTER STANDARD CLUBS
Muckle has been chosen to provide legal support to The Football Association and its County FAs and Chartered Standard Clubs across England and Wales.
ONLINE COURSE
This GDPR training course will outline your main responsibilities and help you to start making the necessary changes. The course is 1 hour long and costs just £25.00.
Legal Guidance
The FA's Legal Partner, Muckle have produced a variety of handy factsheets to help you understand the jargon and role requirements for GDPR compliance.
May 2018. It will require all data controllers and data processors to meet new requirements. The
UK will supplement this with a new Data Protection Act later this year.
The main changes include:
- Increased rights for data subjects, including a right to detailed data protection notices and new
rights to delete or restrict data; - New accountability obligations, which will require data controllers to demonstrate and record
how they meet data protection obligations; and new fines, of up to €20,000,000.
It can choose what data will be used and for what purposes, and is in charge of ensuring that all data
protection requirements are met. For example, The FA is a data controller for its employees as their
employer and of participants' details where these are registered under FA rules or are used for FA
marketing.
instruction. A data processor does not have any independent right to use data for its own purposes.
Most of a data processor's obligations come under contract from the data controller, but under the
GDPR processors now also have some statutory obligations to ensure security, report breaches and
keep accountability documents.
such as a person's name, address or bank details, but also includes information such as their FAN number,
their dietary requirements and their photograph. Data does not have to be factual – opinions that a person
holds, or opinions that other people hold about them, are also considered personal data.
Processing is any use of personal data. This includes storing it, using it to make decisions,
accessing it on your phone, sending it to another person or even anonymising it. If you "do"
something to personal data, you will be considered to be "processing" it
The FA has been working closely with our legal helpline service provider, Muckle LLP, to provide support to clubs
around GDPR. Muckle LLP has produced a series of fact sheets and easy-to-use online training modules which
can be accessed via the links below should you want further information.
- FA Online Training
- GDPR Factsheets
The Information Commissioner's Office (ICO) has also produced guidance for all UK businesses on how to
prepare for the GDPR. You can find the following on its website: - 12 Steps To Take Now
- Guide to the GDPR
In addition to the above, the ICO has a dedicated telephone helpline which provides advice on data protection
matters and the GDPR.
The relevant contact information can be found here.
will not be undertaking compliance activities in respect of clubs’ use of data on FA systems for their independent
purposes or, to the extent that it falls under the provisions of the regulation, personal data processed by clubs in hard
copy forms. Any non-FA systems or applications which clubs use to collect personal data or processing which is carried
out by clubs for independent purposes will need to be reviewed and updated (as necessary) by each club. Each club will
need to consider if it needs to update its notices to participants, create internal data protection procedures or spend time
considering its information security procedures.
number of changes to our systems and processes to meet the new legal requirements. Where you rely on an FA system,
for example WGS or FullTime, you can be sure that it will meet requirements on information security and that online terms
and privacy notices will be updated to cover known and intended uses of The FA’s systems. The FA will also make sure that
contracts are in place with any relevant software providers and with other footballing stakeholders as needed under the GDPR.