Further to the information we circulated in the Charter Standard Clubs e-newsletter on Friday 2nd February, there is a new data protection law, the General Data Protection Regulation (GDPR) coming into force on 25 May this year. The?GDPR?will replace the Data Protection Act 1998 in its entirety and will, from 25 May 2018, regulate the processing of personal data in the UK.
The FA recognises that clubs collect, hold and process personal data ? this email is therefore intended to give you further information about the?GDPR, what it is, the main concepts and how the changes might impact on your club. We have set out a series of Frequently Asked Questions (FAQs) in the attached which provide further information and summarise the work which The FA is undertaking in this area.
In summary, where your club relies on an FA system, for example Whole Game System (WGS) or FullTime, The FA will ensure that FA systems meet requirements on information security and we will also update the associated online terms and privacy notices in accordance with the?GDPR. In addition, The FA will make sure that contracts are in place with any relevant software providers and with other footballing stakeholders as needed under the regulation.
Where your club uses non-FA systems or processes personal data in hard copy format, these will not be reviewed by The FA, and compliance activities will need to be undertaken by your club in respect of such systems and/or processing. Please see FAQ9 for further information on the support that is available for any compliance activities that you may need to carry out.
The FA?GDPR?Project Team