Preparing for GDPR: Scout7 achieve ISO 27001 certification

Ever since the first Scout7 platform was installed into a club back in 2001, we have always taken the issue of protecting each of our client club’s privately-stored information with the seriousness it deserves.

Today we are fortunate to have a large and diverse client base, with approaching 230 clubs and associations around the world, who put their trust in us by managing their scouting, recruitment and squad management information in Scout7-hosted solutions.

In return, they should expect nothing less than a secure, robust environment which protects their information, and rightly so, given the sensitive nature of scouting information collected to evaluate potential recruitment targets.

In recent weeks, you may have seen in the news that major changes in data protection law are coming into force next year, with the introduction of the EU General Data Protection Regulation (GDPR). On top of that, the UK Government are also introducing a Data Protection Bill this month which is intended to transpose GDPR into UK law once the UK leaves the EU.

What does this mean for us? Well, it means that Scout7, as a ‘Data Processor’ for each client, needs to be compliant with GDPR in time for its introduction in May 2018. Indeed, all of a professional football club’s suppliers should be aiming to be compliant, as the financial penalties for any breaches of data law moving forward are going to be substantial.

So as we work towards achieving this goal, I am delighted to announce that earlier this month Scout7 achieved certification to the internationally recognised ISO 27001 standard, following an independent assessment carried out by the British Assessment Bureau.

ISO 27001 is the internationally recognised Information Security Management Standard that proves an organisation’s commitment to the security of its customers’, employees’ and shareholders’ information.

With ISO 27001 in place, we are able to minimise the risk of potential data security breaches and reduce errors and costs, while demonstrating credibility and trust. It also demonstrates our commitment as a company to keeping our data, staff and premises secure.

The benefits of certification to ISO 27001 include the following:

    · Proving to clients that an organisation keeps their information secure;

    · Achieving operational excellence;

    · Minimising the risk of potential data security breaches;

    · Protecting reputation.

By achieving this certification, we are aiming to provide our industry with the reassurance that both Scout7 technology solutions and our internal processes, both online and offline, are compliant with the new regulations coming in, as well as the existing UK Data Protection Act.

It goes without saying that we are very pleased to have achieved this standard and there is no doubt in my mind that our approach is not only minimising risk, but will also strengthen our relationships with our clients moving forward.

What’s more, we also want to be proactive in supporting our clients with their own initiatives to become GDPR compliant, sharing the knowledge we have attained during our own journey.

We have legal partners who are ready to offer clubs and associations a full data protection audit, so if this is something you would like to pursue, please feel free to contact me directly via email and I can make arrangements to put you in touch with the relevant parties.

More information on the GDPR can be found at and if you would like to know more about ISO 27001 you can visit the British Assessment Bureau’s website.

Given the proliferation and exchange of confidential player and customer data between clubs and various other industry parties on a daily basis, achieving GDPR compliance at clubs and associations is going to be absolutely vital over the course of the next six months. If you want to speak to us about it, please get in touch.

by Lee Jamison, Managing Director

Published 27 September 2017