GDPR, or the General Data Protection Regulation, comes into force on May 25th 2018 and applies to all businesses that have control over personal data. It updates the current data protection legislation which has been in place since 1998. There is a further update on the way in the form of a new UK Data Protection Act but this will largely replace what is in the GDPR.
The objective of the legislation is to strengthen the rights of individuals and this may result in changes in the way that companies collect, store and use information. In order to be compliant with the new legislation all businesses, large and small, will need to review their processes, review the personal information they hold, identify where that information came from and where it goes, and finally ensure that information is secure either in a digital format or with physical copies. Customer records are a good example of the type of information that will now be in scope.
Failure to comply with this legislation could result in a fine of 4% of your turnover or 20 million euros whichever is the greater.
The IAAF has produced guidance for IAAF members to explain the broad requirements and what preparations can be undertaken by businesses. To download the document, members should log into the Members Only area of the website. If any member experiences any difficulty or needs to register to access the Members Only area, they should contact the IAAF Office.