Described by the Information Commissioner’s Office (ICO) as a “game changer for everyone”, the General Data Protection Regulation (GDPR), came into effect on 25th May 2018. Its impact is no doubt being felt across all levels of sport from grassroots clubs to professional teams and associations, forcing them to review the way they think about personal data, and ensuring that they have the correct processes in place to govern its use – and this diligence needs to continue.
By Tom Cowgill
Firms must take data protection very seriously and act responsibly in relation to any data that they hold – their business depends on it.
In this post-GDPR World, it’s critical for businesses like ours to put fans and members first in the way we process and use any information that we hold. Taking the necessary measures to ensure that you remain clear and transparent about how you utilise fan and member data and investing in this for the long-term is critical. For example, upgrading servers to maintain the highest levels of security and appointing a Data Protection Officer (DPO) to oversee data protection procedures.
But how can sports clubs continue to engage both with fans and be compliant with the new data protection legislation?
While headlines in relation to the GDPR have tended to concentrate on the increase in fines for non-compliance with the GDPR, what isn’t always being addressed is the need to retain valuable customer data and the long term commercial implications this can have.
With an ever-greater emphasis on fan engagement, the ownership, maintenance and growth of databases represents one of the most significant investments for sports clubs and plays a central role in their overall commercial strategy. Therefore, the key question many clubs and associations are now struggling with is not how to best to handle the new legislation, but rather ‘how can we provide fans with something which is useful or relevant in return for their data?’
GDPR may be seen to limit opportunities for clubs to talk directly to their fans about their key partners and sponsors. However, a club’s loyalty programme (providing it complies with the principles set out in the GDPR) can allow clubs to have a broader conversation with their fans, including about their key partners if those partners participate in the programme. In this way, a rewards scheme partnership, which essentially gives value back to your fans in return for their loyalty to you, can demonstrate how much you (and your key partners) value them.
It is vital for clubs to understand that the journey to GDPR compliance isn’t just about consent (even though this is a very important consideration as a basis for processing personal data). As Steve Wood, the ICO’s deputy commissioner, has said:
“consent is one way to comply with the GDPR, but it’s not the only way…it’s time to consider all of the different lawful bases organisations could use for processing personal information under the GDPR.”
During this post-GDPR journey, we think there is a huge window of opportunity for sports clubs where best practices and procedures will pay dividends. A club’s rewards programme can play a central role in enhancing that best practice helping clubs and their partners engage more broadly with fans away from the actual sport through rewards and incentives and that most valuable notion of a ‘value exchange’.
Tom Cowgill, co-founder and director, Rewards4