Please note that these materials are provided by the RFU for clubs, constituent bodies and referee societies to assist with their use of personal data.

If you would like information on how the RFU itself deals with personal data, please see the RFU's Privacy Notices.

UK data protection laws govern the use of personal data by organisations. These rules are primarily set out in the UK General Data Protection Regulation (UK GDPR), supplemented by the Data Protection Act 2018 and other relevant acts.

In simple terms, privacy laws help protect the personal data of those involved in rugby by requiring better governance and transparency. Organisations holding personal data, including constituent bodies, referee societies and clubs, need to give people information about what they do with those people’s data, why, and how long they will keep it. Privacy laws also grant individuals certain rights in respect of their data (such as access rights and rights to be forgotten) and there are rules around direct marketing.

The RFU is pleased to provide guidance and resources via a toolkit to help constituent bodies, referee societies and clubs towards compliance. The toolkit provides an overview of relevant legislation, what it means for rugby, and some practical steps you can take to guide your own compliance programmes.

It also contains some template policies and procedures you can use to assist in developing your own documentation.

Please be aware that data protection can be a complex area, and this toolkit is not intended to give every answer to every scenario or question, nor should it be construed as legal advice. It is a starting point for clubs, referee societies and constituent bodies and you should review guidance on the ICO website or obtain independent legal advice if you have further questions.

You may also contact the RFU Legal Helpline on 0333 0100337 for support with specific queries.