The data protection officer is a mandatory and authoritative figure that all sports federations must have. Its goal is, as the name implies, to protect the sensitive data of minors.
On the other hand, in the case of small clubs in terms of size, this provision is not mandatory, as long as there is no sensitive data on a large scale.
In this way, the new European general regulation on data protection is committed to guaranteeing the effective protection of sensitive information concerning minors. Let’s see together what the data protection officer in sport does.
What do you do?
The primary function of the data protection officer in sport is to preserve and protect the data of minors belonging to a federation or club.
This delegate must not only have complete autonomy from his or her functions, but must also have direct and continuous contact with the higher authorities, as in the case of the Data Protection Agency.
In accordance with the foregoing, it is essential that both federations and clubs provide the delegate with all the resources and information necessary for their work. The security delegate can be an internal employee of the federation or an external person.
The most important thing is that the manager has the knowledge and credentials necessary to fulfill the responsibilities that such work entails, in conjunction with the data protection law which aims to safeguard the safety of athletes.
In addition, the manager must present his / her university degree. In either case, the federation or club is required to enter into a contract that specifies the type of services and responsibilities of the official.
Among the essential functions of the manager are the fact of advising, evaluating and supervising everything related to the protection of information. Likewise, he must supervise the application of the rules in accordance with national regulations and, in addition, train the personnel who, under his orders, will also participate in the processing of sensitive information.
Data protection and sanctions
One of the novelties of the new European general regulation on data protection provides for a series of sanctions for all those federations or clubs that do not comply with the legislation.
In this sense, failure to designate the data protection officer will be considered a serious violation that can result in substantial fines, as indicated in Article 83.4 of the European Regulation.
As we have seen, in the case of clubs, the presence of a manager is not necessarily mandatory. However, there is a principle of active responsibility that is worth considering.
In practice, it is strongly recommended to appoint a data protection officer, in order to promote a more ethical, organized and fair practice regarding the protection of sensitive information.
However, when clubs handle sensitive information or large-scale data processing, as well as systematic and high observation of a large number of interested parties, appointment is mandatory.
As the limit seems to be a bit confusing, it is recommended, regardless of the amount of information handled, that clubs also appoint this professional. This will avoid any kind of long-term sanctions or problems.
The data protection officer and federations
As regards national and territorial federations, as well as foundations, the appointment of a person in charge is mandatory. In addition to this, it is also essential to carry out an impact assessment and a complete register of activities.
Data protection law requires clubs to have a manager to perform this task. Impact assessment consists of an analysis of the different risks with respect to certain products, services or information systems. After this analysis, the institution must carry out risk management and determine what measures are necessary to take to minimize them.
The data protection officer is a vital figure within federations, sports clubs and foundations. His is a key function for the proper management of sensitive information, which could harm in one way or another those who are part of such institutions.
Ultimately, it should be noted that its designation is particularly aimed at protecting the data of minors. Furthermore, this will allow the organization to be more efficient in dealing with confidential information.