The GDPR Effect and Football

In the United States, we often believe that we have a corner on the market when it comes to the game of football. However, the game that Americans refer to as football does not require players to use their feet as much as they have to in other countries’ versions of the game.  One would never think to consider that GDPR would have an effect on the game of football, especially not in America, but even this great game and those who follow it are not immune to GDPR and the notion of consent.

I recently came across a great LinkedIn post that shows the intersection of football and GDPR (reprinted below, courtesy of Matthew J. Dunn).

What makes this image really interesting is that a UK Football Club is taking Article 4 of GDPR very seriously, even in the wake of the impending Brexit. This also validates my belief that organisations in the UK are going to end up having to comply with GDPR even after it leaves the EU.

GDPR provides an extremely clear definition of consent as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” You have to admit that Manchester United got it right here in that making fans and followers “opt-in” is an unambiguous form of consent.

While I am not going to place any bets on American football teams following a similar path, we are starting to see GDPR move from the traditional business environment into a more personal part of our lives. Although the GDPR deadline is still a few months away, and organisations are trying to figure out what the impact will be as they wait to see who Brussels singles out as their first victim (oops, I meant “test case”), this regulation is going to continue to show up in places where we otherwise would not expect to see it. No matter what happens, any compliance with consent relative to GDPR will force organisations to understand the overall data landscape.


By Andrew Nielsen, CISSP, CISA, ISSAP, ISSMP, CCSK, Chief Information Security Officer, Druva

European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.