ABSTRACT
Information on players and their contracts is a vital asset for us and fans also entrust us with their data, including personally identifiable information. In addition to the data compliance being a slow evolution, there are many areas of the General Data Protection Regulation (GDPR) that can be considered 'grey' and solutions will only be discovered through case law. The key question here is the impact of the right to data portability, one of the few articles in the GDPR that are not updating or refreshing an existing clause of the EU Data Protection Directive. The change that ensures the subject gets the attention of the most data-weary management teams is the scope for potential fines. The data controller is the person or organisation that determines the purposes for and the manner in which any personal data is processed and used. Rights owners' use of data can go beyond their fans, ticket buyers, shop customers and staff.
