Why sports teams should avoid relying on consent to comply with GDPR

In the run-up to 25 May 2018, or "GDPR day", many organisations made huge changes to the way they process “personal data”. However, due to blind spots in the available guidance (both from the Information Commissioner's Office (ICO) and other sources), there remains uncertainty around what organisations must do to comply with the General Data Protection Regulation[1] (GDPR).
By way of initial background, “personal data” means “any information relating to an identified or identifiable natural person”[2]. "Special category" data (previously called "sensitive personal data"), which attracts heightened protection under GDPR, includes data revealing a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life, sexual orientation or trade union membership[3]. Data concerning an individual’s health will also be classed as special category. Sports clubs are in a unique position in an employment context as they are likely to regularly process health information relating to their players, including medical histories, medication, allergies, injuries and potentially medical information which may or may not be specific to the sport itself. Great care is therefore needed to keep the information safe.
One major area where sports clubs and organisations could face particular difficulties is where they have relied on consent as a basis for processing data under GDPR, as it may not be the easy fix they thought it was. Accordingly, this article examines why it is essential that organisations identify a legal basis for processing personal data and avoid the trap of falling into reliance on consent. Specifically, it looks at:
- The new obligations on employers when processing employees’ personal data
- What the "big problem" is with relying on consent
- What employers should be doing now
- Consequences of non-compliance
- Practical guidance going forward
The article assumes that readers have a basic knowledge of GDPR. For readers wanting an introduction to the topic, please see here[4].
Written by
Katie Russell
Katie Russell is an Employment Partner in the Business of Sport Group at law firm Shepherd and Wedderburn LLP. Katie uses her experience of employment law combined with her knowledge of sports law to provide highly specialised advice to sports organisations and their teams to help address the specific challenges they face.