Quidgest GDPR sports

The new General Data Protection Regulations come into effect on May 25 2018


This regulation, establishing new rights and obligations for all organizations processing personal data, will directly affect sports clubs and institutions and how they manage and maintain the data of their members, funders, employees, marketing contacts, and anyone with whom they interact.

All data collected and held about individuals is subject to this regulation. Of particular concern is how the owner of the data consents to this data being used. This specific area is still unclear when it concerns minors under the age of 16. (If the child is under 16 years of age, treatment is only permissible if and to the extent that consent is given or authorized by the person with parental responsibility for the child).

In response to these changes, Quidgest has designed a solution, in its entirety, for large European sports organizations. This solution allows major sports clubs to manage their compliance with the GDPR, namely at the level of the #SAD, as well as how all the companies that are part of the ecosystem of these clubs manage the data of club members and contacts. In this way, the rights of members and supporters, and in particular of youth sports structures, are protected in a sustainable and scalable way, as well as ensuring that other companies and services providers working with the club also conform. Services providers and partners may include insurance companies, newspapers, television channels or media companies, companies providing merchandising and events.

Specifically created to meet the needs of sports clubs and their networks, and responding to all data protection requirements, this solution provides organisations with a competitive and differentiating advantage. Already selected by of the top 16 football clubs in the European Champions League, Quidgest´s solution is being implemented to support their legal team in maintaining club compliance with the GDPR.

For more information


Data Privacy Regulation @ Quidgest

The European Commission has been debating about a subject that has an influence on everyone who uses information systems and digital businesses and demands privacy: data protection legislations.

It is essential to ensure that Europe fits the digital age, providing data protection and its privacy, regardless of where data is processed.

From this process, General Data Privacy Regulation (GDPR) was born. The primary objective of the GDPR is to give citizens back control of their personal data. Once GDPR takes effect (the compliance deadline for this was set for May 2018) it will harmonize previous and other data protection regulations already existing throughout the EU.

To address the GDPR compliance requirements, organizations must employ (at least one) encryption methods and strong key management, to ensure the protection of the encrypted data. Organizations will also need a way to verify the legitimacy of user identities and transactions, and to prove compliance. It is critical that the security controls in place be demonstrable and auditable.

According to GDPR organizations must:

  • Only process data for authorized purposes;
  • Ensure data accuracy and integrity;
  • Minimize subjects’ identity exposure;
  • Implement data security measures.


To preserve subjects’ privacy, organizations must implement:

  • Data protection by design and by default;
  • Security as a contractual requirement with their partners and service providers;
  • Encryption;
  • Security measures that respond to their risk assessment;
  • Safeguards if they are to keep data for additional processing.

Here, at Quidgest, we make sure that our entire client’s data is protected and kept private, with all the necessary means to this end.