Data protection is big big news.
And very soon everyone will have to change how they view and handle data. That's because later this month the GDPR will come into effect.
Now you’ve probably heard plenty about the GDPR at this stage, but if it’s something you’re still not entirely sure about then this post will help you gain some clarity.
First of all, what is GDPR?
Technological developments, like social media, have been booming during recent years. The way in which companies gather and use data has changed along with this. And with all these developments changes in data protection regulations have to be made too.
New rules and regulations about data protection that will come into effect on May 25 2018 and it applies to all EU businesses and businesses that deal with EU customers.
This means that businesses must change how they handle the personal data of clients. But it doesn’t mean that you can’t keep growing your business and your mailing list. Heavy fines will be applied to businesses who fail to meet these regulations.
What Are These Changes Exactly?
Here’s an overview of how things will be changing once these new regulations come into place:
- Online identifiers, like cookies and IP addresses will now be classed as personal data (that is, information that relates to an identified person). This is important for any business with an online presence, given the amount of data captured by websites.
- Special category or sensitive data, such as religious beliefs, sexual orientation and ethnicity, will also be widened. This means that for health and fitness businesses, the data used to study athletic and health performance (e.g. biometric and genetic data) will now be regarded as special category. Therefore any data collected for athletic or health records must comply with the rules set out for special category data.
- Client records kept by personal trainers are likely to contain sensitive data. So something all business owners need to understand is that the information they hold is held for a valid reason. It must be required for a specific purpose. And they must also ensure that consent is given by the owner of the data (i.e. the customer).
- If a customer wishes to have their data erased or removed from your records, your business must comply with their wishes.
- Your website must contain terms and conditions and a privacy policy. These must be in plain English so that they can be easily understood and provide a clear explanation of what data will be used for and how it will be collected.
- If you offer a freebie on your website you can only email them about that particular offer. You cannot email them about something else because they did not sign up for that. If you wish to add people to your general newsletter list then your opt-in must give them the opportunity to consent to this.
What You Can Do
- Review what client information your business collects.
- All of the client data in your existing records must be up to date and accurate. Determine how long will you store it for and whether you actually need it.
- Establish a list of all the data your business gathers, how it collects it and what it is used for.
So make a list of:
- The data your business collects
- How it collects it
- What it’s used for, and
- If transferred out of your business, how and where does it go
Record Keeping
If part of your role as a personal trainer is to monitor your clients, ensure that you have obtained valid consent from your clients to do this. Consent will no longer be allowed to be buried within the small print. It has to be clearly shown, and your records must show that it was obtained.
Doing all this will help to ensure that businesses are not holding onto information that they have no right to be dealing with. You need to make sure that people know exactly what their data is being used for.
With all of the information you’ve noted, you should consult an expert to determine what is compliant and what isn't, as well as what you need to do to be compliant.
A Final Note
The GDPR can be a bit of a minefield for a lot of people. But if you can spend some time trying to understand and use the information within this post and on the GDPR website you should be able to ensure that your business is compliant.
Side note (as it's been asked a few times recently): PT Distinction is GDPR compliant and we will be updating our terms and conditions to reflect this before the May 25th deadline.
