Processing of personal data

Due to the GDPR rules and the sanctions for non-compliance with these, it is imperative that you, as a tournament organiser must know this.

Personal data is defined as information that makes it possible to identify a specific person. Processing this data may only occur if it is done for a particular purpose, and unauthorized persons may not access the information. As tournament organisers, you must also consider who you pass this information to and how the final routines should be.

General information on the application of the GDPR

Five important GDPR rules apply, which you should be aware of:

You must keep a record, which must specify your processing of personal data
You must document that you comply with the provisions of the law
It would be best if you documented that you abide by the principles of the legislation (read more about this below)
You must also inform your employees and customers about how you process their personal information voluntarily.
You must introduce the necessary technical and organisational measures in the handling of personal data and be able to document this.

The Personal Data Regulation has some basic principles that must be observed when processing this data:

Accountability
Accuracy
Purpose limitation
Storage restriction
Data minimization
Legality, fairness, and transparency
Integrity and confidentiality

Ticket sales

In connection with the sale of tickets, personal data covered by the GDPR rules is obtained.

As a tournament organiser, you should be aware that you may only process personal information when it is factual and relevant according to the Personal Data Ordinance and the Data Protection Act.

Once you have sold a ticket, you are able to process the personal data for this legitimate purpose.

It is crucial that you only collect personal information about the customer relevant to ticket sales. In addition, you may only store personal data for the time necessary and do not pass on the information. As tournament organisers, you should be extremely careful with who and how many are granted access to your systems. These people will then have access to various information about the participating players.

Processing of employees’ data

In employment relationships, it is necessary to store personal information on the employee to handle the personnel administrative tasks.

You must continue to be cautious when processing personal data, even if the information concerns your employees. There is still a requirement that the information is limited to legitimate and factual purposes. It is also essential that access to personal information is limited to the smallest possible number and only relevant employees.

We recommend that guidelines are drawn up, which both current and future employees must be instructed in and handed out.

Participants and others’ personal data

It is important to observe the legislation when processing participants’ personal data and others. Read the most important rules and principles above.

It’s important that you only store and process data for a legitimate purpose and immediately delete the information when it is no longer relevant for you.

Remember the possibility of anonymizing the information so that it is not identifiable if you want long-term data storage, e.g., a number of participants and other statistics.