INTRODUCTION

There is no one-size fits all approach toward GDPR readiness, and most organizations do not have an unlimited budget to properly undertake the required comprehensive analysis. The purpose of this page is to empower members of the global sport community with the resources and tools to help in their respective GDPR readiness plans. For those organization with adequate resources available to pay for external consultants and law firms to administer their programs, these resources provide a valuable tool to cross reference the advice and recommendations that have been provided to them. For those organizations with more limited financial resources, the resources and tools on this page are intended to serve as a Do It Yourself (DIY) self-help guide. For the avoidance of any doubt, nothing associated with the provisioning of information on this page should be construed as legal advice.

WORKSHOP PRESENTATIONS

GAISF organised a series of three workshops dedicated to support its members towards to GDPR compliance.

WORKSHOP #1 – General principles, methodologies and processes

The first workshop took place at the Maison du Sport International – Lausanne, Switzerland on May 28, 2018.
Three presentations have been made at this occasion.
The full workshop has been live broadcasted and can be accessed on GAISF Youtube channel : Click here to review the workshop

WORKSHOP #2 – How to handle new IT constrains

The second workshop took place at the Maison du Sport International – Lausanne, Switzerland on June 11, 2018.
The full workshop has been live broadcasted and can be accessed on GAISF Youtube channel : Click here to review the workshop

WORKSHOP #3 – Preparing legal documentations

The third workshop took lace at the Maison du Sport International on June 19, 2018.
The full workshop has been live broadcasted and can be accessed on GAISF Youtube channel : Click here to access to the video replay of the workshop

OFFICIAL TEXTS AND GUIDELINES

GDPR official text

Article 29 Data Protection Working Party – Guidelines on Data Protection Officers (DPO’s)

MEMORANDUM AND TEMPLATES

AVAILABLE SOFWARE APPLICATIONS AND TOOLS – SEPARATING THE WHEAT FROM THE CHAFF

Given the high-profile nature of the GDPR and other recent privacy related events in the news, it should come as no surprise that there has been a proliferation of software applications and tools designed to help individuals and their organization in their GDPR and broader privacy related readiness plans. Unfortunately trying to wade through this sea of software is no easy task. While privacy consultants can be an excellent source to help an organization make the right decision, including whether a software application is even needed, the following 2017 Privacy Tech Vendor Report published by the International Association of Privacy Professionals (IAPP) is a must read for all individuals tasked with drafting and implementing their organizations respective readiness plans.

The IAPP is a not-for-profit organization focused on advancing the privacy professionally globally. It is widely recognized within the industry as the preeminent organization of its type in the world with over 30,000 members spanning 100 countries. For those individuals with limited organizational resources to implement their privacy readiness plans, the value of annual IAPP offers an excellent return on investment.  IAPP offers various tiers of membership (corporate, non-profit, governmental, indivdiual and student) which are reasonably priced. With their membership, an individual has access to the IAPP Resource Center, participation in free web conferences throughout the year, and access to local KnowledgeNet Chapters where you can meet and discuss relevant issues with other privacy professionals.

THE BIG THREE

While there has been a proliferation of applications designed to meet specific needs, there are three companies which are widely recognized within the industry as providing a comprehensive suite of software applications designed to meet an organization’s total privacy needs. These three companies are Nymity, TrustArc (formerly eTrust) and OneTrust.  While Nymity (15 years) and TrustArc (21 years) have been long term players in the privacy space, OneTrust is a newer entrant in the space having just been founded in 2016.

There are some important things to know about these types of software applications. First, they are not cheap.  However, some of providers do provider pricing for SMEs that may be relevant for some organizations within the global sport community.  While most of these providers do offer free trial periods, these trials may be of limited benefits. To appreciate the full feature set of these respective software applications, one needs to undertake a substantial amount of data entry regarding business practices, vendors, and data elements. It is critical to ensure that your provider can port over any data from your trial subscription to your paid subscription to avoid any costly data re-entry.

While the costs associated with these applications can be substantial, engagement with these companies can still be productive independent of actually signing a contract.  As part of their marketing engagement, they make available to prospective clients various white papers and check lists that can serve as an invaluable resource towards implementing readiness plan. Usually a prospective client only needs to sign up by providing an email address and some basic company information before being able to access these resources.

LAW FIRM RESOURCES

It might come as a surprise to many, but law firms can be an excellent source of substantive and “free” information regarding the GDPR and broader privacy matters.  However, these law firms may not be totally benevolent in their intention. Once an organization undertakes its GDPR readiness plan, there will likely be several questions that will arise thus positioning these firms with an inside track to retain these users as a future paying client.

Law Firm: Kellerhals Carrard
Document: General introduction to GDPR made at the occasion of GAISF General Assembly on April 20, 2018
Summary: A high level summary about GDPR challenges for Sport Organisations

Law Firm: Morrison & Foster
Document: General Data Protection Regulation Summary(GDPR)
Summary: A two page high level overview of the GDPR in an infographic format. This document also includes a proposed framework for a Privacy Compliance Program.

Law Firm: Morrison & Foster
Document: GDPR Readiness Questions
Summary: A four page document which contains a list of sixty bullet point type questions broken down into relevant categories, e.g.  scope, notice, legal basis, DPO, data retention, privacy by design, etc.

Law Firm: Covington & Burling LLP
Document: Are you Ready for the European General Data Protection Regulation? A Practical Checklist for Employers
Summary: This five-page memo is in a more traditional legal memo format, with relevant sections followed by a summary description. Not a lot of flashy graphics just solid legal analysis to help guide an organization readiness plan.

Law Firm: Fieldfisher
Document: GDPR The Complete Guide App (iOS & Android)
Summary: This is an excellent mobile app for the privacy profession that always needs a full searchable text of the GDPR within thumbs reach. In addition to the full text, this app provides GDPR guidelines and checklists.

Law Firm: Norton Rose Fulbright
Document: GDPR Checklist
Summary: This is a twenty-eight (28) document providing a very details analysis of the GDPR.