GDPR and football: the industry is not meeting the standard
A frank overview of how personal data is handled in professional football, and the blind spots that remain.
The checkbox at the bottom of the form
At most clubs, GDPR compliance amounts to a sentence at the bottom of a registration form. But GDPR is not a checkbox. It is a discipline: knowing who has access to what, why, for how long, and how a person can request deletion of their data. Most clubs do not even have a dedicated data protection officer for their sporting operations.
The specific problem in football
The data circulating in our industry is sensitive. Medical information, performance reports, psychological assessments in some cases, contracts, family details. This data passes from agent to club, from club to staff, from staff to physio, with no clear record of who accessed what. We handle important documents with tools designed for sharing holiday photos.
Three questions to ask yourself
Who has access to this player's data at your club? Since when? Can you prove it? If you cannot answer, you have a compliance problem. It is not catastrophic, almost nobody can answer, but it is time to start working on it.
Where FOOTPASS fits in
We do not claim to be a GDPR tool. But everything that passes through FOOTPASS is logged, timestamped, and linked to a verified identity. That means a data protection officer can, in a few clicks, see who accessed what. It is already a significant step forward compared to a WhatsApp history or emails lost in spam.
Discover FOOTPASS
Authenticated messaging, verified Pass ID, digital authorizations, encrypted vault. Join 1,200+ football members.
Download FOOTPASS