The GDPR Effect and Football

In the United States, we often believe that we have a corner on the market when it comes to the game of football. However, the game that Americans refer to as football does not require players to use their feet as much as they have to in other countries’ versions of the game.  One would never think to consider that GDPR would have an effect on the game of football, especially not in America, but even this great game and those who follow it are not immune to GDPR and the notion of consent.

I recently came across a great LinkedIn post that shows the intersection of football and GDPR (reprinted below, courtesy of Matthew J. Dunn).

What makes this image really interesting is that a UK Football Club is taking Article 4 of GDPR very seriously, even in the wake of the impending Brexit. This also validates my belief that organisations in the UK are going to end up having to comply with GDPR even after it leaves the EU.

GDPR provides an extremely clear definition of consent as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” You have to admit that Manchester United got it right here in that making fans and followers “opt-in” is an unambiguous form of consent.

While I am not going to place any bets on American football teams following a similar path, we are starting to see GDPR move from the traditional business environment into a more personal part of our lives. Although the GDPR deadline is still a few months away, and organisations are trying to figure out what the impact will be as they wait to see who Brussels singles out as their first victim (oops, I meant “test case”), this regulation is going to continue to show up in places where we otherwise would not expect to see it. No matter what happens, any compliance with consent relative to GDPR will force organisations to understand the overall data landscape.


By Andrew Nielsen, CISSP, CISA, ISSAP, ISSMP, CCSK, Chief Information Security Officer, Druva

The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: