Why Sports Marketers Need to Act On GDPR… Now

As we hurtle towards May 2018, many teams and venues are still woefully, yet very understandably, underprepared for the implementation of GDPR (the General Data Protection Regulation). This may seem like an IT or BI issue, but GDPR affects the day-to-day heartbeat of the sports marketer.

While the protective intent of GDPR is around data security, what marketers need to think about if they want to successfully reach their fans is one word: consent. Organizations who send a single email to a prospect who hasn’t consented will face a fine to the tune of €20 million or 4% of their annual global turnover (whichever is higher). That has massive consequences for live events who rely on targeted advertising on digital channels to drive attendance for matches that aren’t against a marquee team or aren’t on a prime date, or that rely upon global audiences that consume their digital content.

Register for our GDPR webinar on 5 steps your team must take to prepare 

Live event organizers may not think GDPR is something to worry about because their business is very driven by offline engagement. If they don’t address GDPR, however, numerous existing contacts will be unreachable on crucial digital channels for ticket sales, merchandise, or campaigns that can collect more data about specific interests of their fan base.

Of course, there is the big question: What is “consent?”

GDPR consent leaves no room for interpretation

Currently, many marketers play fast and loose with “consent” to process data, and unwittingly abuse or disregard their fans’ experience. US marketers in particular are prone to deceptive subject lines, false “from” fields, or don’t even include unsubscribe options. According to GDPR, not only is this is no longer fair game–it’s foul play. “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​” While there’s some ambiguity on how that will play out in 2018, what marketers can expect is:

  • Organizations will need to be specific about why they’re collecting data
  • They’ll need to be able to remove that data quickly
  • Pre-ticked “opt-ins” or assumptions that consent is given by default will be unacceptable
  • They’ll need to prove the source of the data (and the consent)

If you’re thinking, “Well, that’s fine, I can do that in a few weeks before May 25, 2018,” you’re in for some pain. Regulations will most likely apply to anyone in your database, regardless of whether they were put in before or after May 2018.

Opting fans in today to reach them tomorrow

While the EU’s GDPR guidelines are new, the UK’s PECR (Privacy and Electronic Communication Regulations) are not, and can give some guidance to the even more stringent GDPR rules. If you’re thinking that you can email people who haven’t opted in and ask them to, you will probably be out of luck. Honda did so last year to clarify what contacts’ marketing preferences were and were fined for not complying with PECR.

Essentially, not only do you have to opt contacts into your communications to reach them, but once GDPR is enacted, you can’t ask “are you opted in?” If you don’t know, they are not. Getting people opted in, then, is something you obviously can’t wait for unless you want to reach a fraction of your fans for campaigns next year.

Capitalizing on opted-in fans

From a compliance standpoint, first and foremost you’ll want to make sure how you process data is secure and transparent, which you’ll need to submit to your legal department (or a third party) to audit and confirm.

For marketing, you’ll want to make the most of fans who have opted in. Existing opt-ins should be your guideposts to opting in new fans: find what channels they’ve engaged with most, see what content caused them to check that box, and leverage them to gather the data you need to understand your fan base to drive up your conversions (which can be in the form of opt-ins, but also ticket and merchandise sales).


Teams and venues can go about gathering new data about opted-in fans in several ways—though they should keep in mind that they’ll have to point to a specific reason they collected the data for GDPR. One of the ways is surveys, specifically asking fans about what kind of content most engages them or what they value most for the in-venue experience.

They can also use social platforms to gather behavioral data. Facebook authentication for example, can provide crucial and permissible data for fan segmentation, allowing teams to learn about fans’ preferences for different brands, specific players, etc. Teams can use this to personalize advertising and marketing to get better ROI on campaigns on various channels.

Surveys and social authentication can be tied to entries into engaging contests (e.g., player meet-and-greets), leaderboards, polls and more.

Opting in new fans

As organizations get a better handle on who their opted-in fans are, they can better engage those who haven’t opted in and encourage them to take the leap to receive communications. When the steps are in place for an iron-clad opt-in process, marketers should use GDPR not just as a legal must, but as an opportunity to create compelling and engaging content that will improve how they reach fans in and out of the arena. In a global digital world, many are racing not only to comply with GDPR, but to leverage its guidelines as that nudge needed to get more up close and personal—with consent—with their fanbase.

Leave a comment