Under the spotlight: The GDPR

Four little letters you need to know about.

Data protection. Maybe not something you’ve given much thought to. Until now – there’s no escaping the GDPR noise. So whether you store your clients’ personal details in folders, spreadsheets or don’t really have a system, data protection is something every PT/coach needs to understand.

The General Data Protection Regulation (GDPR) is a new European legislation that comes into force on 25 May affecting personal data. If you haven’t already, this means you need to review the way you collect and store personal client data, to make sure it’s protected. So it’s time to gen up.

Firstly, why bother?

Ignorance isn’t bliss. Overlook the GDPR and you could face eye-watering fines of up to four per cent of your annual turnover if, for instance, you got hacked or lost a client’s data and they report you to the Information Commissioner’s Office (ICO).

Thanks to smartphones, computers, the net and social media we accumulate data at an alarming rate. Our lives will be increasingly determined by data held about us, yet it’s more open to compromise than ever – just ask MyFitnessPal, Yahoo! or Uber. “The GDPR brings data protection bang up to date, giving us greater control of our personal data – how it’s collected and held, by whom and for how long,” explains Raoul Lumb, data protection associate at law firm SM&B.

Where do I start?

Begin by getting organised. Think about what clients’ data you store, why you’re keeping it, whether you have permission to do so, how you manage it, where it’s kept, who has access to it and for how long. “Map it out so there’s no confusion then work out what’s compliant and what you don’t have consent for,” advises Lumb.

Taking ‘before and after’ pictures, storing client measurements and personal health information – all day-to-day occurrences for PTs/coaches and all fine under the new rules, as long as you’ve validly obtained consent. Even if a client specifically asks for, say, performance monitoring, it’s best to ensure you have written consent.

Here’s the legal blurb: Consent must be explicit, rather than implied, and freely given after a request in clear, plain language. You must be able to explain why you’re collecting personal data, how you’ll use it and have records proving consent was given. Under the GDPR, a client can also ask to be ‘forgotten’ and all their data must be immediately removed from your system and records – both paper and digital.

A helping hand

If you’re reading this with a sinking heart, software can make the process a whole lot easier. fibodo’s booking management platform offers a live planner, real-time booking with secure payment processing and storage of client data, and creates and sends booking emails. “It’s completely GDPR compliant and sets the PT/coach up for the future, so no more haphazard bundles of client paperwork that could easily fall foul of the law,” explains Anthony Franklin, CEO and Founder of fibodo. “PTs and coaches using fibodo can also be confident all GDPR bases are covered.”

Keep it safe

We all know making every password our cat’s name isn’t clever. But once the GDPR goes live, adopting strong passwords and encryption is an absolute must. “If you were hacked, but have proper data encryption, that data is useless to an attacker,” says Lumb. “We all expect businesses to keep our details safe. Get this right and your clients will know you respect them and be more loyal.”