NEW General Data Protection Regulations (GDPR) come in to force in May.

The GDPR will replace the Data Protection Act 1998 in its entirety and will, from May 25th 2018, regulate the processing of personal data in the UK. 

The FA recognises that leagues and clubs collect, hold and process personal data.

The Frequently Asked Questions (FAQs) below explain how the changes might impact on your league or club.

They also provide further information and summarise the work which The FA is undertaking in this area. 

In summary, where your league or club relies on an FA system, for example Whole Game System (WGS) or Full-Time, The FA will ensure that FA systems meet requirements on information security and will also update the associated online terms and privacy notices in accordance with the GDPR.

In addition, The FA will make sure that contracts are in place with any relevant software providers and with other footballing stakeholders as needed under the regulation.

Where your league or club uses non-FA systems or processes personal data in hard copy format, these will not be reviewed by The FA, and compliance activities will need to be undertaken by your league or club in respect of such systems and/or processing.

Please see FAQ 9 of the below for further information on the support that is available for any compliance activities that you may need to carry out.

Richard Neal, Suffolk FA CEO, said: “Whilst I understand data protection is unlikely to be the reason most of us became involved in the administration of football, there have been a couple of high profile data protection leaks in sport which have caused great issue. All clubs and leagues will need to heed this legislation, and I’d strongly advise accessing the support where necessary.”