- Club appointed its first data protection officer in January 2018
- Eight clubs in the northwest share best practice in GDPR forum
- Partnership with Fanatics will improve data-gathering capability in new stadium
The introduction of the General Data Protection Regulation in the European Union in 2018 placed new responsibilities on sports rights-holders concerning the way they gather and process fan data.
Premier League team Everton responded to the new rules by appointing Ian Garratt as its first data protection officer in January 2018 with a mandate to prepare the club for GDPR in just four months. One year on, Garratt joins Everton’s director of risk & governance Paul McNicholas and Kyle Cockett, the club’s senior insight manager, to talk about the club’s approach to data compliance and risk under the new data regime.
How difficult was it to prepare for GDPR?
Ian Garratt: When I came in it was almost like starting from scratch. We first went around all the departments to have a look at what data they were collecting, why they were doing it and how long they were keeping it for. We put all that into a data map so we could see those flows coming into the organisation and then out again.
What helped me is that Everton historically have collected information the right way, so they’ve always been very open about giving people a choice. Do they want to opt in for marketing? If we’ve had information coming in from the third parties, Everton has gone out to the individual and said: ‘We’ve got your information. Do you want to be on our database?’.
How do you think other clubs, in general, have handled GDPR? Have their strategies differed from yours?
Kyle Cockett: Manchester United probably ran the biggest campaign to get their fans to opt in again. They advertised it on the LED boards in the stadium on matchdays. I think they were by far the biggest on awareness. I think some of our fans wondered why we weren’t doing the same thing, but we decided to take a slightly different approach.
Do you share best practice with other clubs?
IG: From a GDPR point of view, we’ve got a forum in the northwest. There are eight clubs in the group at the moment. We meet quarterly and that’s just to share best practice. Manchester Utd, Manchester City, Burnley, Blackburn, Wigan and Preston [are members of the group]. Celtic joined very recently.
At the time GDPR was introduced, a lot of teams said it would have a positive impact and compel them to clean their databases. Have you found that to be the case?
KC: I think we’ve always had the view that it’s better to have a smaller database that’s accurate and not full of junk. Our database has got engaged fans in it. I think other clubs in the league have grown their databases from multiple sources and almost used GDPR as a data cleansing exercise. We didn’t really need to do that so much because most of our data has already been cleansed over time anyway.
What are you best sources of fan data and how do you manage them?
KC: We collect data from three sources. The first is from ticketing. We use a ticketing system called SecuTix and to buy a ticket you have to be registered on that ticketing system. Then we have data that we collect from our retail partner, Fanatics. They supply us with data on anyone that’s purchased online. And then the final source is online website registrations. Obviously if you’re an international fan, you might not want to buy a ticket or buy a shirt, but you can go on the website and register. Then we have a process in the background that de-duplicates those three different sources.
To what extent are you able to segment your fanbase and target your messages and marketing more effectively?
IG: We’ve got the ability to be a lot more granular now. Everyone on our database has the option of five mailing lists. We’ve got a general news [mailing list], ticketing news, club partners, Everton in the Community and then Everton Ladies as well. Depending on what they want to receive from the club, they can pick and choose.
How are you using that data to improve the Everton fan experience?
KC: We carried out some research to try and understand the core motivations of fans and their attitudes towards going to the game. The survey covered things like what the fans buy but also, when they get to the match, how interested are they are in singing and chanting or how interested are they in going to the fanzone? Do they wear a shirt on a matchday or do they just go in their own casual clothing? It really drilled down to quite a lot of detail.
Based on that, we were able to segment our fans into five different groups of shared outlooks and patterns of behaviour when it comes to following the club. If we are pushing a certain activity in a fanzone on a match day, we have a good understanding of which group(s) to target with those things.
We’ve got a group of older, longstanding season-ticket holders who are very much about the traditional matchday experience. They get to the pub, leave the pub five minutes before kick-off, get to their seat and they’re not really interested in the fan engagement activity that we do around the matchday. Whereas there are other groups that want a more family-oriented experience where they might want to bring the kids down, the kids might want to have their faces painted, they are all wearing [team] shirts, they want to meet former players in the fanzone. We do quite regular surveys around things like the matchday experience and fans’ views on that and we’re always looking for ways that we can improve.
You are working with Fanatics to design the retail experience at your new stadium. What features can be added to the new retail experience to improve your data-gathering capabilities?
KC: At the minute we have a gap in our knowledge when it comes to retail purchases. We don’t collect data on those people buying in store. We’ve got fans that buy online and we’ve got some fans where it doesn’t look like they are buying much merchandise. But that could be because they’re the older fans that I mentioned, who are going in the store, paying by cash and then obviously we don’t receive that data. I think that’s something that we can look to do with the investment in the store at Bramley-Moore Dock [the site of Everton’s new stadium], to collect that information at the point of sale.
Are you conscious of the need not to treat fans as data points? How do you guard against them feeling exploited?
KC: I think we’re very careful in terms of obviously overselling to fans. We’ve just invested in a piece of marketing automation software, Salesforce Marketing Cloud, and we can use that to make sure fans are not receiving too many emails and we’re not pushing too much on to them. You can set up rules in the background within that software to say if someone has been emailed already within a certain time period, they’re not eligible to receive more communications.
What can you offer fans in return for their data?
KC: We do a lot of prize draws with fans. Obviously, fans that sign up to the mailing list also get regular communications and team news, and our surveys are another big part of that. My team is responsible for conducting primary research with fans. Recently we’ve done one around transport to the new stadium and obviously if fans aren’t opted in, we can’t send them that survey. What you tend to find is when surveys go out like that, we get fans contacting the club and they can’t understand why they’ve not received it or haven’t had the option to take part. That’s why it’s important that fans, if they do want that kind of stuff, are opted in to the right mailing lists.
How much do you use the data you collect to benefit your commercial team?
KC: We do regular top prospect surveys for our partnerships team. We look at certain sectors that they’re interested in within the market at that moment in time. Then we’ll go out and look up things like brand awareness, brand consideration and usage within those sectors. And we’ll ask fans questions around certain topics like that. We’ll have questions in those surveys about major purchases like cars, mobile phones, digital devices. Quite often the data that we get back from those surveys is then used by our partnership sales teams to create a pitch for a particular partner that they have in mind.
What is the function of the risk and governance unit and how does it operate?
Paul McNicholas: Over the past two years the club has made a decision to invest in governance fairly heavily in comparison to other football clubs. What that amounts to is we now have a team of eight people who look after a range of governance-related activities. When I first joined as a one-man band [as head of risk], it was about putting a framework in place so the board and the senior management understood the risks this club faces, and so they had people within the business to make sure things were being done about them and that they were being managed effectively.
That then built out into things like internal audit activity, where we have a professional internal auditor – which is also quite unusual for a football club – whose job is to systematically audit the club over a three-year period, look at all our processes and help us to improve them – to identify weaknesses in those processes and help us to minimise risk.
What are the biggest threats to a Premier League football club in the current context?
PM: We’ve got a risk register with 350 risks on it. There’s quite a wide range of things that keep people awake at night. Everything we do trickles down from results on the pitch, but there are also things, like running a safe and enjoyable matchday operation for our fans or protecting ourselves from cyber-attacks. Everything we do within our team affects the club set-up somewhere.
