Surely you remember that last May 2018, a multitude of companies, organizations and even your child’s sports club sent you dozens of emails asking you to accept the new Data Protection Law . Although it had been in force since 2016, it was not applicable until 2018 and, since no one pays attention to that of “do not leave for tomorrow what you can do today”, all organizations left it until the last minute. Well no, rather, for the last day of the last month. Things that happen!
And in the world of sports, do you know what we are talking about? There may be some sports club that is a little behind and has not yet caught up with the new LOPD , or that directly thinks… what will the new LOPD have to do with my club? Will it be a new team in the category or the new Federation of my sport?
It’s not really a new team, but it can be a great rival and bring you a lot of headaches. That is why, if you are the person in charge of managing a sports club, you must catch up with the new LOPD and comply with a series of measures. As a sports club, you handle sensitive data of athletes, fathers, mothers, etc.
Therefore, so that the new LOPD cannot with you and you do not have to think about it every day to focus on sports, we recommend that you follow the following tips:
1. MAKE A PLAN
You should always have a roadmap! The more organized, the better the sports club will work. Prepares and implements data protection policies that contemplate the requirements of the RGPD and be able to prove their compliance.
2. DESIGNATE A PERSON DELEGATED FOR DATA PROTECTION
The data protection delegate is a fundamental figure in the reform initiated by the new European RGPD. You must be in charge of establishing the culture of data protection. This figure will be mandatory in sports clubs that carry out the large-scale treatment of sensitive data among their main activities. For smaller clubs it will not be necessary, but it is convenient for someone to take charge and inform themselves more thoroughly to handle the data.
3. SAFETY ABOVE ALL
As a sports club you must ensure that the data of the people related to your club are not altered, lost and unauthorized:
Confidentiality. Access restriction.
Integrity. Avoid unwanted alterations.
Availability. Only for certain people.
Resilience (RGPD). Recover from disturbances.
4. TRAIN ALL THE PEOPLE WHO WORK IN THE CLUB
It is essential to develop and carry out a training and awareness plan for the employees of the sports club. This action may prevent that by mere ignorance, some sensitive data is disclosed or a photo is published without the consent of the person.
5. PHOTOS IN COMPETITIONS AND TRAININGS
Don’t worry, you can continue to have your social networks up to date with photos of your athletes, as long as you ask for express permission. In the same way, you will not be able to continue making use of these photos, if the person requests it. Without consent you will not be able to upload anything! You will need the consent to take photos and also the consent to publish those photos on the networks.
6. BE CAREFUL WITH SENSITIVE DATA
Never post them! Be careful with sensitive data, such as the medical examination of your athletes, account numbers , etc. For example, when you need to publish the ID of an athlete, only publish 4 numbers, never complete.
7. OH! THE WHATSAPP GROUPS
Why can WhatsApp groups violate the new Data Protection Law? If you create the WhatsApp group of the “Benjamín B” team in which the parents of the children will be, you need their consent in advance to put them in the group, since if not, you share the number of a person in a group without your approval . There are already court rulings on groups created without consent!
8. SECURITY GAPS
Establish notification mechanisms and procedures in the event of security breaches, since if they do occur, you must notify those affected within a maximum of 72 hours. For example, if the coach goes to a competition and loses all authorizations with the DNI and phone numbers of parents, if the computer where you have all the sensitive data of your athletes is stolen, etc.
As the saying goes, “prevention is better than cure”. We strongly recommend that you have everything very well tied in terms of data protection, and for this, it is sometimes necessary to have external people to guide you in the implementation of data protection mechanisms for your club, or join platforms such as Playoff or Clupik, to help you manage your club, complying at all times with the new Data Protection Law.