Warren Healy, CEO of myclubfinances.com, is confident in the measures Croke Park have taken.
“I think the GAA are very well prepared,” he said. “They have made tremendous efforts, hiring a new data protection officer and have a chief information officer (Tomás Meehan) in there so I’d say they’re as well-prepared as any NGB (Non-Government Body) are in the country.”
The GAA have in recent times organised a number of meetings to educate members on what steps need to be taken to follow into line with the new regulation, while the official website carries a wealth of information on GDPR.
Every club has been encouraged to identify data protection officers.
It’s an issue that volunteers are very aware of,” Healy said. “It’s amazing to us how GDPR has actually broken through the normal noise that citizens of Ireland put up with. GDPR is a topic of conversation in almost every county we visit.
"They’re aware of their obligations. Most of the governing bodies have taken steps to advise their units as to what they need to do, which is different to a lot of other initiatives which have come down the line.
“We have given talks to Dublin City Council and Fingal Council where they have invited all their clubs in to hear about GDPR and how it will affect their governance. They are saying to us that very few of the seminars they run are as well-attended as the GDPR ones.
“There’s a huge level of awareness out there and most clubs are taking it very seriously. We’re trying to eliminate the fear because it’s not going to be that difficult to comply with as long as certain things are done and these things do have to be done.
“The sporting landscape in Ireland is as ready as any of the European countries because of the work the NGBs are doing and the GAA are probably leading the way there.”
According to Healy, sports organisations aren’t as much at risk as other bodies who might have bought email lists.
“We’re all aware of the power and importance of data and anybody holding data. All these emails people are receiving is an indication that companies are trying to do the right thing. A lot of the emails we’re getting are not really necessary. A sports organisation is the exact same in the eyes of GDPR as your local business but if you’ve collected the data in an appropriate and a legal manner and you have used it to communicate with that individual over the last 12 months you can continue to do it and you don’t need new permissions.
I think every inbox has been inundated with companies seeking consent to continue to communicate but as long as they’ve collected the data legally and over the last 12 months they don’t need it.
“Generally speaking, clubs have collected emails because members are interested in hearing about club-related news.”
He doesn’t see the penalties associated with non-compliance as influencing the likes of the GAA.
“I’m not sure it’s the fine that is compelling sports organisations to do this; I think it’s a drive to do the right thing. Clubs want to do the right thing and GDPR is all about protecting all of our data and we’re all members of these organisations.”