GDPR is coming – time to get ready!


Feb 2018

Data laws are changing. GDPR (General Data Protection Regulation) is new and represents a reshaping of the data protection landscape, giving consumers more rights and placing an increased onus on businesses to secure private data.

In simple terms the GDPR will help protect our players, members and clubs by ensuring better governance and transparency around management of data.  Organisations holding personal data (including clubs and CBs) will need to give more information to people about what they do with those people’s data, why, and for how long.

The RFU is working with all relevant stakeholders, including the government, to determine the implications of GDPR for both the RFU and its member clubs and CBs.  The detail of the legislation, particularly how it impacts sport, is currently being debated in parliament, so at this stage it is not possible to give detailed guidance.

We will be providing further guidance and a toolkit for how clubs and CBs can work towards GDPR compliance in due course, ahead of the regulation coming into force on 25 May, 2018.

In the meantime, there are a few things that clubs can start to look at now to help prepare them ahead of further guidance from the RFU. This includes:

  • Looking at what you use members’ data for, e.g. do you do anything more than using it for running the club, such as sending out messages on behalf of sponsors?
  • Looking at where you hold individuals’ data, e.g. just on GMS, on a server, or on someone’s desktop?
  • Looking at whether you pass data onto anyone else, e.g. sponsors, other parts of the club if it is part of a multi-sport club etc.

In the meantime, for any data protection queries relating to you club, please contact the RFU Legal Helpline on 0330 303 1877.


GMS training is available. Please contact our CRC Phil Milton at who will assess your requirements