data protection

for any forms of marketing. It’s a headache, but speaking as an individual I believe this step is overdue and will be of long-term benefit to all parties. If you actively seek consent, always state clearly and specifically what customers are opting-in to, and what their data will be used for, you can’t go far wrong.” Adopting strong passwords goes without saying and encryption of all sensitive personal data will be a must. “If a breach does occur, but proper encryption standards have been used, your data is largely useless to attackers,” says Powell. Lastly, customers can ask for their data to be forgotten, and completely removed from your records. “You’re obliged to acknowledge these requests within 72 hours and deal with it within 40 days, so ensure your processes allow this to happen swiftly and easily,” says Phillips. “It would be wise to ensure your frontline staff are fully aware of the practices you adopt.”

Q6 Will Brexit mean we’re off the hook?

The GDPR will apply to all companies, even non-EU ones. “Any debate over whether the GDPR will matter after Brexit is a waste of time,” says Phillips. “It will automatically be part of UK law in May 2018, and by tabling the UK Data Protection Bill, has made it abundantly clear that the UK and EU data law will continue to be harmonised.”

Q7 Will I need to employ a Data Protection Officer (DPO)?

Most organisations that routinely handle personal data will need someone who ‘owns’ data protection, knows procedures inside out and regularly reviews them to ensure they remain aligned. “Public sector bodies will be required to designate a DPO, but it’s wise for everyone to consider filling that role,” says Toprakseven. “Getting GDPR ready for May isn’t where it ends, you’ll be accountable forever. You wouldn’t run your business without accountants; data protection should be the same.”

Q8 So will I have to ‘wake’ my sleeping members?

“It’s unlikely operators will be able to continue to rely on sleepers, unless your consent process was GDPR compliant in the first place,” explains Alex Finster-Rowen, head of operations at XN Leisure. “In other words, you must be able to demonstrate that consent was freely given, was specific, informed and unambiguous. By far the safest option is to make contact and seek the level of consent you need, even though this means ‘waking’ them. In addition, you’ll need to communicate the individual rights which apply to all customers under the GDPR, most likely by updating your privacy policy. It would be wise to notify them that changes have been made.”

Q9 Am I too late to comply by May?

Time is tight, but the majority of leisure sector technology partners are engaging with the challenges the GDPR brings to make it easier for operators to adopt safe data use. “Software changes alone won’t guarantee compliance. It’s down to operators to be aware of the regulation, the deadlines and what GDPR means for them, as they’re the data controllers,” says Finster-Rowen. “To help, we have modified all our software and written a dedicated Data Protection Module. We’re conducting assisted upgrade sessions with our customers, to make compliance easier and less laborious.” Other software providers are making similar changes but organisations do not have much time, especially if they are only just beginning on the path to compliance. It’s better to take some action now to understand what the GDPR will mean for your organisation than to hope it will all blow over.

Q10 Where can I get help?

The Information Commissioner’s Office (ICO) is a good place to start, and DataHub has created a White Paper detailing how the GDPR will affect the leisure industry.

Useful links

paper-the-gdpr/
organisations/guide-to-the-general-data-protection-regulation-gdpr/
ta_Protection_Regulation

