As you may be aware, there is a new data protection law - the General Data Protection Regulation (GDPR) - which came into force on 25th May 2018. GDPR replaced the Data Protection Act 1998 in its entirety and now regulates the processing of personal data in the UK.
We recognise that we collect, hold and process personal data - this article is therefore intended to give you further information about the GDPR, what it is, the main concepts and how the changes might impact on you. We have set out a series of Frequently Asked Questions (FAQs) below which provide further information and summarise the work which we, and The FA, are undertaking in this area.
In summary, where a league or club relies on an FA system, for example the FA Whole Game System or Full-Time, The FA ensure FA systems meet requirements on information security and will also update the associated online terms and privacy notices in accordance with the GDPR. In addition, The FA make sure contracts are in place with any relevant software providers and with other footballing stakeholders as needed under the regulation.
Where a league/club uses non-FA systems, or processes personal data in hard copy format, these will not be reviewed by ourselves or The FA, and compliance activities need to be undertaken in respect of such systems and/or processing. See FAQ9 for information on the support available for any compliance activities you may need to carry out.