The General Data Protection Regulation intends to unify data protection for all individuals within the European Union.
Why does it exist?
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.
Does the GDPR apply to my organisation?
The GDPR applies to any organisation (not just businesses) who monitor or track the behaviour of EU individuals, store data on them or sell to individuals within the EU. This means that most sports organisations who maintain a membership list or database need to comply but also that organisations who are based outside of the EU who sell to or store data on EU individuals also have to be compliant as well.
Which data is GDPR concerned with?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.