GDPR in the world of sports and the secret to getting this right

Author 12
Patricia Parker Nielsen
A man sitting on a couch with his computer collecting data, one of the most important CDP use cases for women's clubs

GDPR in the world of sports – this is definitely not a new topic. However, whether you know a great deal about GDPR or just the basics, the significance of GDPR never changes. So in this blog post, we’ll be breaking down:

  • What exactly GDPR is and who it affects
  • The main challenges GDPR brings to the world of sports
  • The secret weapon all sports organizations can leverage
  • How you can leverage this weapon today

So, without further ado, let’s jump right in!

Note: this blog post does not substitute for legal advice in regards to GDPR compliance.

Before we dive right in...

Subscribe to our blog today to ensure that you never miss valuable posts such as this one. We are passionate about helping sports organizations deliver a world-class fan experience, because better fan experience means better business. So why not use this opportunity to the fullest?

    Women holding a laptop next to a orange robot

    What is GDPR and who does it affect?

    GDPR stands for the General Data Protection Regulation and…

      […] is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live and outside of the European Union (EU).

      Investopedia, 2020 

      It is the toughest privacy and security law in the world and it imposes obligations onto any organization which targets or collects data related to people in the EU. At the center of this law is the protection of personal data.

      According to the regulation’s introduction:

        The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.”

        So in a nutshell, the GDPR’s task is to ensure people’s personal data is protected. To help us understand more, let’s take a look at the seven protection and accountability principles from Article 5.1-2, which state the following about handling personal data:

        1. “Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
        2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
        3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
        4. Accuracy — You must keep personal data accurate and up to date.
        5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
        6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
        7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.”

        As you can see from these principles, there is a lot to think about if you are the person responsible for data protection at your sports organization.

        Have you reevaluated your current data strategy to accommodate the challenges brought by GDPR? Moreover, are you currently collecting and processing your fan data differently than you have done before?

                    Sports organizations need a CDP

                    GDPR can make it harder to understand your fans’ wants and behaviors

                    There are several challenges that GDPR brings about. One of them is that sports organizations might find it more difficult to understand their fans. Prior to GDPR, organizations across different industries could basically collect and process data about users and customers wherever and however they want. Moreover, when they did not have access to such data about the fans themselves, they could simply rely on third-party data to complement their own data.

                    An image of different data interfaces, charts and a computer displaying data to help with a first-party data strategy

                    What is third-party data?

                    As the name suggests, third-party data is data that you acquire from a third party using a third-party cookie.

                    What is a third-party cookie?

                    In short, a third-party cookie is a piece of tracking code. And this tracking code is placed in your web browser after visiting a website. However, this tracking code is created by the data aggregator and not by the website itself. If it were, then it would be called a first-party cookie.

                    In this case, it is third-party data providers, also known as data aggregators, that collect data from other organizations and then compile it into a single set of data which you can then buy. 

                    However, the challenge with third-party data is that you usually don’t know where the data originally comes from. This is because the data sets are large and sold programmatically, which means that the data is sold through an automated bidding system. This in turn leads us to another obstacle with third-party data: it is usually not compliant with privacy regulations, including GDPR.

                    Consequently, this has led to big players such as Apple and Mozilla removing third-party cookies altogether, forcing sports organizations to go back to the drawing board and figure out ways to have sufficient data about their fans. 

                    So how can you do just that while at the same time always ensuring that you are GDPR compliant (as well as complying with other similar data privacy regulations)?

                    Let’s take a look at the secret weapon which you happen to have at your fingertips.

                    Cartoonstyle man with a computer, a football and a basketball

                    The secret weapon all sports organizations can leverage to understand fans’ wants and behaviors

                    So, what exactly is this “secret weapon” we’re talking about? Well, it is actually none other than:

                    A first-party data strategy

                    But before we look at why you need a first-party data strategy, we first need to define what first-party data is.

                    What is first-party data?

                    First-party data is information that you can collect from both online and offline sources that belong to you. For example, from sources such as your:

                    • Ticketing system
                    • Point of Sale (POS) system for food and beverage purchases
                    • Online POS or e-commerce store for your merchandise
                    • App
                    • OTT streaming service
                    • Social media platforms 
                    • Membership lists
                    • Newsletter and mailing lists
                    • Event sign-up sheets

                    As you can see, there are plenty of sources from which you can collect first-party data. But it doesn’t stop there, because you can also collect different types of first-party data.

                    To name a few, you can for instance collect data about your supporters:

                    name a few, you can for instance collect data about your supporters:

                    • Ticket purchases
                    • In-stadium purchases
                    • Stadium entrances
                    • Personal details
                    • Merchandise purchases
                    • Demographics
                    • Web- and app behavior
                    • Watch history on your OTT platform

                    …and the list can be longer.

                    So what makes first-party data so valuable? Well, first-party data is valuable to you because:

                    1. The data belongs to you.
                    2.  You have collected it for free. 
                    3. To own the data, you have to receive consent from your users.
                    Cartoonstyle image of a woman explaining charts to a man while another man sit on a chair with a computer

                    5 reasons why first-party data is your secret weapon:

                    1. It is GDPR-compliant when done right, collecting first-party data is a GDPR-compliant action. What do we mean by “done right”? According to GDPR, your organization can process personal data for one of six main reasons. And one of these six reasons includes when “the data subject gave you specific, unambiguous consent to process the data.” To give you a couple of examples, this could be when your fan opts in to receive your newsletter or subscribes to your OTT platform. Basically, it should be your fan who decides to share their data with you and give consent to sharing it with you as well as what type of data they want to share. As a result, a first-party strategy when done right is a GDPR-compliant strategy.
                    2. Easily adapt to changes in fan behavior and digitalization overall – since you are being GDPR compliant from the get-go, a first-party data strategy makes it easier for you to adapt to your fan’s changing behaviors and needs, as well as digitalization overall.
                    3. Get a complete understanding of each fan – when you have a first-party data strategy in place, you can actually still manage to get a hold of enough data about your fans in order to understand their specific wants and behaviors. All you need to do is collect all of your first-party data and unify it in one place. This will allow you to get a full and detailed view 
                    4. Negotiate sponsorship agreements of higher value – since you are growing your fanbase with more and more contacts, you can leverage your data to help you negotiate better sponsorship deals.
                    5. You will be able to build trust and loyalty with your fan base – thanks to transparency and clear communication from your side. 
                    6. Grow your fan base – by building trust in parallel with delivering relevant communication, you can rest assured that you will grow your fan base.

                      As you can see, there are many benefits that quickly stack up all while being GDPR-compliant thanks to adopting a first-party data strategy. However, in order to adopt an efficient and optimized first-party data strategy, your sports organization needs to ensure that all your first-party data is available to you.

                      A group of sports executives celebrating being number 1 with a trophy

                      How you can leverage this weapon today

                      In order to implement and execute an optimized first-party data strategy, you need the right technology. Why? Here are some of the most common challenges that the right technology helps you solve:

                      • Having your data stored in many different sources
                      • Data silos, which means that the data are separate from each other and not accessible to everyone in the organization
                      • Obsolete data that is consequently no longer valuable to you 
                      • Incomplete data due to your data being spread out across different sources.

                      Evidently, this means that sports organizations need a solution that can solve these challenges for them. And this is exactly what customer data platforms have been created for, namely to:

                      1. Collect and centralize your data. By unifying your data, a CDP makes your data available to everyone in your organization that needs it – creating a single source of truth.
                      2. Analyze and uncover insights from it. Because you have all your data collected and centralized in the CDP, you can now easily gain relevant insights into your supporters’ characteristics, preferences, and behaviors.
                      3. Act on these insights. A CDP then lets you segment your audience into different groups based on these insights. You can then act on them via different tools, such as a marketing automation tool, CRM, Social Media, etc. Then via these tools, you can deliver messages and experiences on your supporters’ preferred channels and platforms.

                      CDPs enable organizations to collect, analyze, and act on their first-party data. And with the inevitable death of third-party cookies, CDPs are going to be one of, if not the, most important solutions to develop a first-party data strategy that is:

                      profitable and sustainable.

                      In addition, your strategy will be even more successful if you choose a CDP that has been built and designed for your industry, such as Data Talks Sports CDP. Because then you will not only have a solution that is tailored to your sports organization’s specific needs. But your CDP provider will also be an industry expert.

                      Florian Ludewig

                      “I really appreciate Data Talks’ expertise at the crossroads of data and sports – this is rare. They put in a lot of effort and heart into our project to make it a success”

                      Florian Ludewig | Senior Director Data Warehouse

                      But it doesn’t stop there. Because in addition to leveraging your first-party data to reach and engage with your supporters, a CDP will also enable you to:

                      • Gain insights that help you make better and even more accurate decisions
                      • Execute effective and streamlined work through data democratization
                      • Better monitoring and reporting of your marketing efforts

                      As you can see, a Sports CDP enables you to create and execute your first-party data strategy effectively. Moreover, you can rest assured that you’re doing so all while being GDPR-compliant. 


                      In this blog post, we have covered what GDPR is, the main challenges GDPR brings to the world of sports. But more importantly, we have uncovered how sports organizations can leverage to transform GDPR from challenge to opportunity. By leveraging a first-party data strategy, enabled by using a Sports CDP, sports organizations will not only survive but excel in a world where GDPR is the norm. But how having a first-party data strategy look implemented in practice? Well, we have a demo to show you exactly how it’s done. So check it out below. 

                      a 3D dashboard from Data Talks CDP analytics framework

                      Getting started is easy

                      Explore Demo Now >>


                      Leave a Reply

                      More great articles

                      The Data Talks formula to easily sell more tickets, sponsorship packages, and merchandise

                      Do you want to sell more tickets, sponsorship packages, and merchandise? Of course you do! But how exactly can you…

                      Read Story

                      What is a Customer Data Platform? An Introduction To Marketers

                      The customer journey isn’t consistent and linear. You know this already of course. Customers constantly switch between phones, tablets, laptops,…

                      Read Story

                      In-house vs. outsourcing fan data analysis: what you need to know

                      In-house vs. outsourcing fan data analysis - are you currently at the crossroads of having to choose between the two?…

                      Read Story

                      Never miss a minute

                      Get great content to your inbox every week. No spam.