IOLIS Legal Services

24 August 2020

How can junior sports teams stay on the right side of the data protection rules?

Helping children follow their passion for sport can be wonderful.

Sports teams have a duty of care to their young players or athletes, though, and a legal duty to deal with their data in the correct manner.

Here’s our data protection guide for junior sports teams…

What are the responsibilities of amateur junior sports teams under GDPR?

Sports teams and governing bodies have the same obligations as public bodies and businesses under the General Data Protection Regulation.

They must have a data controller, a legal basis for collecting data, it must be stored securely, and must be processed in accordance with the GDPR’s rules.

GDPR says that children need special protection because they may be less aware of the risks involved.

Clubs and teams should think about the need to protect them from the outset. They should design processes with this in mind.

GDPR gives children the same rights as adults over their personal data, including the right to access their personal data in a Subject Access Request (SAR), to rectify something, to object to the data being processed, and to have data erased.

Who can make an SAR for a child’s data? Generally, this would be the parent or guardian with whom the child lives.

However, establishing the identity of that person and the relationship with the child is important to ensure information is released to the correct person.

Clubs and teams also face the same potential penalties as businesses and public sector bodies if they fail to deal with data properly.

You can read more about GDPR and children here.

What are the specific responsibilities when dealing with children and getting parental consent or consent from guardians?

The law in England and Wales gives extra protection to any child aged under 13. They are not deemed able to give legal consent.

So, consent for collecting, storing, and processing data related to any athlete aged under 13 must be given by a parent or guardian.

In Scotland, the picture is slightly different. Children aged 12 or over are legally old enough to provide their own consent for data protection purposes, unless there is evidence to the contrary.

Most amateur sports clubs, however, have a blanket policy of collecting parental consent for any athlete aged under 16, or even 18.

What sports teams must do is ensure this consent is gathered at the same time a parent gives consent for the child to take part in the sporting activity, but it must not be lost in gathering lots of other information.

The consent for data collection and storage must be clear and easily understandable by any parent.

In other words, it must be clear that this is consent for data collection, storage, and processing, and it must be written in plain English.

There’s also the thorny subject of publishing sporting results.

Many clubs now have a blanket ban on putting individual children’s results on the internet because that could be seen to be a breach of consent, unless the club applies for consent from every parent or guardian every time it wants to publish.

Failing to get that consent could lead to a parent making a complaint against the club.

Does the situation change when sport becomes professional?

Yes, it can change, even though the professional athlete is under 18.

There are contracts involved when an athlete or player becomes a professional, and consent for the collection, storage, and processing of sporting data may well be written into those contracts.

For example, this could involve performance data which is needed to help the athlete reach the peak of his or her career.

We recommend getting the advice of a data protection lawyer before any professional contract is signed and if a problem arises during the term of the contract.

How does this fit into a team’s safeguarding obligations?

There is a cross-over between data protection and the need to safeguard junior players, and it is vital that information about children does not fall into the wrong hands.

To ensure that, it’s important that safeguarding information such as the name of the parent, address, and phone numbers are all checked regularly and up to date.

There have been several high-profile allegations of lapses in safeguarding in UK junior sports in recent years including football, gymnastics, and athletics.

Does your sports team need advice and support on data protection legislation? Please call us on 029 2000 2339 or email contact@iolis-legal.com.

Recent Posts

Why you should use an independent person to conduct a workplace investigation

There exists in an employment contract an implied obligation to not act in a manner likely to destroy or seriously damage the relationship of confidence and trust without reasonable and proper cause. This relationship can become imperilled when an allegation has been made against an employee and this needs to be investigated. In a recent […]

Read more
Why will every toy seller in the UK soon need to up their game about data protection?

These days, internet-connected toys are in huge demand. Children want internet-connected toys such as Mario Kart Live: Home Circuit which allows you to take the online game and recreate it in your own home, setting up circuits and controlling the players via the Nintendo Switch. Or they might ask for Artie 3000, a drawing robot […]

Read more
5 Things to Remember When Meeting Over Video

As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown. There has been a lot of media coverage on […]

Read more
Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees. Others had been wary of it and had […]

Read more
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...

I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version of the Monster Mash this Halloween! There are […]

Read more

Does your UK business need support? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
6 October 2021
Why you should use an independent person to conduct a workplace investigation
There exists in an employment contract an implied obligation to not act in a manner likely to destroy or seriously damage the relationship of confidence and trust without reasonable and proper cause. This relationship can become imperilled when an allegation has…
Read More
26 January 2021
Why will every toy seller in the UK soon need to up their game about data protection?
These days, internet-connected toys are in huge demand. Children want internet-connected toys such as Mario Kart Live: Home Circuit which allows you to take the online game and recreate it in your own home, setting up circuits and controlling the players via the…
Read More
9 November 2020
5 Things to Remember When Meeting Over Video
As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown.…
Read More
25 October 2020
Will monitoring your home-working staff land your business in hot water?
Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits…
Read More
25 October 2020
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...
I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version…
Read More
20 October 2020
How could the right to be forgotten affect your amateur rugby or football club?
The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among…
Read More
IOLIS Legal Services is a trading style of IOLIS Ltd. Regd in England & Wales. Company Number 11968202. Regd office: International, House, 10 Churchill Way, Cardiff CF10 2HE. Total paid up share capital £10.
© 2020 IOLIS Ltd. | Website designed, hosted, and maintained by Jötnar Systems