The General Data Protection Regulations (GDPR) came into effect on 25th May 2018. The GDPR will replace the Data Protection Act 1998 in its entirety and will from that date regulate the processing of personal data in the UK.
Two documents that organisations must have are a Privacy Notice and a Data Protection Policy. A Privacy Notice is a public statement of how the Club applies data protection principles to processing data. A Data Protection Policy is primarily an internal document which details the Club’s commitment and procedures for protecting personal data in order to ensure the League complies with data protection legislation.