One of the key challenges in 2018 for businesses in Europe was to make sure they were GDPR (General Data Protection Regulation) compliant.
The UK Data Protection Act as we once knew it had been changed, and a Europe-wide act, GDPR, was there to rule over how companies managed and exchanged PII (Personal Identifiable Information) across Europe.
Countries outside of the EU have been creating or reviewing their own data protection acts. Examples of this are the POPI (Protection of Personal Information Act) in South Africa and the PIPL (Personal Information Protection Law) in China. Cross-border transfers are likely to be one of the big compliance issues being tackled by legislative bodies and data protection authorities in 2021, to ensure a normalisation of data transfers between countries.
Data breaches in business are now unfortunately a common occurrence in industry, and it was inevitable that this would trickle down into the sports sector. Attacks have been made against fans, venues and/or the integrity of the game (athlete and official data). Recently the English Premier League had a data breach in which confidential information regarding a player transfer was hacked, and most recently a very high-profile English soccer/football team commented on a data breach affecting its customer base.
In July 2020 the UK National Cyber Security Centre (NCSC) specifically warned that cybercriminals were targeting UK sports teams with ransomware attacks. An NCSC report cited a ransomware attack against an unnamed English Football League club, which crippled its IT systems to the extent that it stopped the turnstiles from working and almost led to the cancellation of the league fixture, which would have cost the club hundreds of thousands of pounds in lost income.
I feel there may still be some organisations that believe they are compliant, because they may have reviewed their data assets during the time they did their initial GDPR work.
Cyber Security has no end date.
Legislation is constantly growing as more sophisticated hacks are being attempted. Organisations are also continuing to expand their collection of PII, as they increase their use of social platforms.
We have already seen many examples where companies have been fined because of improper handling of customer data.
British Airways - €22m fine, Marriott International - €20m fine, H&M - €35.3m fine.
Cyber Security is the "elephant" in the room that some organisations feel uneasy talking about. This is because of a lack of understanding in this space.
Clubs and Associations all work on finite budgets, and many do not have the funds to have an onsite Cyber Security team.
How does your company deal with Cyber Security?
Do you have a dedicated team?
Do you feel your organisation knows what you need to do in the event of a breach?
SportsX have trained cyber security practitioners to help and advise our clients on any issues they may have in this space.
Feel free to get in touch with me at firstname.lastname@example.org for more details.