Brexit, Data Protection and Cyber Security for Welsh Sport & Leisure organisations
The WSA has been working with Chris Roberts from Cybata to explore how the Brexit deal may impact GDPR and Data Protection for Welsh Sport and Leisure organisations. The WSA highlight some recent sporting cases to address the potential consequences of inadequate protection.
Does the Brexit deal impact you as a Welsh Sport & Leisure organisation?
Coming out of the EU has always been likely to change the way UK sporting organisations (as well as all other sectors) process personal data. The Brexit deal has been done, so let’s look at the Data Protection implications.
What’s known as an “adequacy” decision in favour of the UK from the EU would mean that transfers of personal data to and from the UK would be as they are now, with the same inherent risks as today.
At this point there is no adequacy decision for the UK. As it stands, we are able to carry on as before, with free movement of personal data to and from EU/EEA states for the next six months, while an adequacy decision is, or is not, secured.
This is taken from the agreement itself:
“This Part also includes a provision to provide for the continued free flow of personal data from the EU and EEA EFTA States to the UK until adequacy decisions are adopted, and for no longer than 6 months. The UK has, on a transitional basis, deemed the EU and EEA EFTA States to be adequate to allow for data flows from the UK”.
Chris and the team from Cybata will update the WSA on the actions we might have to take if an adequacy decision is not likely to be forthcoming. There is a real possibility adequacy may not be granted, so watch this space and we’ll be in touch with further details as we know more.
Cyber news from across the sporting sector:
Manchester United are being assisted by the UK’s cyber security agency after an online attack that left the club unable to fully restore its systems.
Further details on the UK cyber security agency helping the club recover from the attack
Town Sports International Data Breach Exposed Personal Information of 600,000 Members
This is an American story, but unfortunately Cyber Crime doesn’t just affect the UK sports market.
This latest big data breach occurred due to a single server being left unprotected. A simple error with huge ramifications.
Sports data for ransom – it’s not all just fun and games anymore
With more and more sports organisations and businesses moving online, the risks are growing.
In the last few years we “just” had to worry about personal data (such as name, address, birthday and medical information). Now though, we also have to consider GPS tracking, apps and streaming.
With new technologies and new products coming out at incredible rates, we have to work harder than ever to protect our organisations, customers and players.
WSA members to continue their GDPR compliance journey
Welsh Sport & Leisure organisations should review their core Data Protection systems, the “Data Map”. The Data Map is a term we use to describe what the regulation calls the Record of Processing Activity, or RoPA for short. Without a clear and up-to-date Data Map, it is impossible to develop all of the important documentation you need to have to comply with the law, i.e. Privacy Notices, Data Sharing Agreements, policies, processes and procedures.
Why do we say it is impossible to create the documentation without a Data Map? In order to create the documentation that you are required to hold, you first have to understand, in some detail, how personal data flows into, across and out of your organisation. The process of creating your Data Map gives you that understanding. You must then use your understanding of the personal data flows, the IT and software tools/systems used, where the personal data is stored and who accesses it to personalise generic templates and make them your own, reflecting how your organisation actually works. Simply acquiring template documents and showing them in your quality system is not what the law requires you to do. Without the personalisation, the template documents will never pass muster if scrutinised by the Information Commissioner’s Office (ICO) or other authorities.
Data Maps can be created in Excel, Word and PowerPoint documents – we’ve seen it all. There are also GDPR management software tools that do a superb job for organisations with more complex and dynamic personal data scenarios.
Members of the WSA can utilise our GDPR Helpline service, where Chris and the team at Cybata will happily review your Data Map. If you’d like to take up this offer, please contact the WSA team or access the Helpline service via your membership log-ins.