How many times have we decided to take part in a game without fully knowing the rules? How many times have we been faced with people who thought they knew them so clearly that they could change them in any case? Sports clubs face these kinds of questions every time, trying to adapt in every possible way to a reality that is constantly changing. The sports rules are in fact the result of a continuous revision in order to obtain an updated set of rules on sports law. However, many people are unaware that in addition to the rules of sports law, clubs must also keep up with the times in legal matters. The new European GDPR legislation on privacy protection has also introduced a number of obligations in the field of sport with which companies themselves must comply. The main change is the appointment of the DPO, Data Protection Officer. His presence would be strongly recommended due to the large amount of sensitive data to be handled. As in the case of companies, it would be necessary to have a person outside the federation able to control everything. Another important innovation concerns the relationship between federations and companies with regard to the collection of personal data. According to recent measures on the subject, it would be up to the companies to manage the personal data of athletes in order to be able to carry out their activities. The federation would limit itself only to the issue of membership and the granting of sporting eligibility. This distinction is, however, outdated in the case of national competitions, where the federation is in fact authorized to disclose the sensitive data of the athletes involved, collected by the clubs. The sensitive data of the Paralympic athletes are instead processed and managed directly by the federation, unlike what happens with normal data. Another very controversial aspect concerns the relations between federations and regional committees. According to the relevant legislation, the committees should be a projection of the federations at regional level. In most cases they tend to carry out their activities without having any real autonomy. However, there are cases where the committees are considered autonomous from the federations, at least as far as the tax code and VAT number are concerned. A last important case concerns the federations. In fact, according to art.30 of the GDPR, each of them is obliged to keep a register of its activities, considering the number of subjects involved each time. In the face of these changes, many European sports clubs and federations have been left out of the picture, but not Arsenal. The London club, in fact, had already complied with the best practices of the Data Marketing Association, one year before the new European regulations came into force. The company had decided to abandon the traditional 3 opt-in marketing system that allowed the consumer, by providing their email, to access newsletters, team updates and receive offers from Arsenal's business partners, turning to a single integrated opt-in of all three functions. This decision was taken following the GDPR's data protection impact assessment, carried out by the team's Data Protection team. From this survey the researchers found that the company had been involved in 800 different types of data collection, in different formats from pieces of paper to structured data sets. After defining the situation, the Data Protection team itself chose to implement a new action plan to improve the relationship between clubs and fans. In this new plan, the real novelty was the participation of a player, Jack Wilshere, who, in a video, told the consumer what it meant to tick one integrated box compared to three different ones. The head of Customer Relationship Manager at Arsenal, Mic Conetta, at a recent conference at the Email Insider Summit Europe, an elite venue for European marketing experts, stressed the importance of the result: "If you have a relationship built on trust, you're collecting data the right way, and you're engaging with the public the right way, it's actually an opportunity. The Gunners' bet worked, first-part opt-ins dropped significantly, while fan support increased significantly, generating a new Fever Pitch. Cheering can be sleepy and sleepy but when it's real cheering it's like a burning fever every time again and this is well known to Arsenal executives who have decided to promote a change in marketing strategy, relying on the unconditional love of their fans who are willing to help the team financially even in bad seasons. In doing so Arsenal have graduated itself European champion of the GDPR, awaiting a European triumph that has been missing since 1994.