General Data Protection Regulation (GDPR)
Premier Sports Overview
The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) which it will supersede.
Premier Sports is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted industry standards. We will comply with applicable GDPR regulations when they take effect in 2018, including registering as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Our team of experienced specialists will also help to support customers in meeting their obligations through the provision of expert services and value-added solutions.
Premier Sports and our Technology Partners have three main areas of focus in preparing for GDPR:
- Building on existing security and business continuity management systems and certifications to ensure we remain compliant
- Partner programmes to support compliance for users of partner software applications including solutions to deliver greater efficiencies
- Improved business processes and communication of services which help customers better understand our products and prepare for GDPR. We have built a stronger platform for the future by taking control of our data
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices. Premier Sports have consulted with our Partners to ensure compliance across all platforms and services.
In order to ensure compliance, Premier Sports are implementing additional or augmented company-wide controls to meet GDPR requirements using internal and external advisors.
Compliance will be supported by a review of existing contracts with data controllers, the use of sub-contractors and any data export arrangements.
Premier Sports’ Data Protection Officer will inform, advise and monitor compliance. The company will implement tools as appropriate that support the process, provide necessary security and ongoing delivery of objectives.
In all areas, the services provided by Premier Sports and its Technology Partners already conform. As data processor, the company is undertaking risk assessments to include more detailed consideration of the data types we hold and a data protection impact analysis of personal information stored and processed. Policies such as incident response plans and backup data retention will be reviewed and updated.