How GDPR affects gyms & how you can prepare
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25 of this year. GDPR entails a host new legislation and regulations for business, including the way personal information of customers and employees is handled and stored.
Although GDPR is an EU regulation, it applies to all businesses which handle the data of consumers, employees, or of other businesses located in the EU.
So chances are good that GDPR applies to you and that you will need to update some core components of your technology and data strategy accordingly.
It may sound daunting, but TrainAway is here to help! Keep reading for an overview of how GDPR will affect gyms; the changes that are taking place; and how you can prepare.
Does GDPR affect my gym?
Any business which handles personal employee or customer data will be affected by GDPR, and obviously that includes gyms. Your visitors give you their contact info, biographical details, financial information, and much more that they expect and trust you to store securely.
If you can say with 100% confidence that your gym does not store the data of employees or customers in the EU, then GDPR does not affect you. If you do, however, then you should read on.
What changes are taking place?
In a nutshell, GDPR means:
- Customers have increased rights over what you do with their data and it is easier for them to exercise those rights, for example by requesting that you remove their data, opting out of marketing campaigns, etc.
- Companies have enhanced responsibility toward customers’ and employees’ data. You must internally document all your data-processing and -storing methods and ensure they meet GDPR standards.
- Customers must clearly consent to giving you their data and allowing you to store it.
- Customers must be informed as where their data is stored, who has access, and more.
- Customers must be informed within 72 hours if there is a breach of your security that compromises their data.
- Failure to adhere to these rules comes with a fine of €20 million or 4% of your income, whichever is greater.
What do I need to do?
First, you should take a look at your gym’s current handling and storage of customer data. Ask:
- How much customer data is collected and stored?
- How is customer data stored?
- Have all my customers consented to having this data stored?
- Who can access customer data?
- How is customer data deleted?
Going through these questions should help you identify holes where your gym needs to align with GDPR.
How can I improve?
- Evaluate your IT systems and make any security upgrades or improvements where necessary.
- Review your current request for consent to collect and store customer data: is it thorough enough? Is it easily visible and clear to customers? Does it make clear why you need to collect this particular data from customers?
- Make sure your employees are aware of and understand the coming changes.
- Create and maintain contracts with any third party data processors you may work with.
- Commit to erasing customer data if they request it.
- Check if the images or information on your website or elsewhere require consent from the people involved in them to be used.
The GDPR may sound daunting, but it doesn’t have to be – especially if you prepare in advance. TrainAway wants to make sure that your gym remains safe, secure, and ideal for your members as well as for travelers to enjoy. Follow the tips in this article and you’ll be well on your way to being ready when GDPR takes effect on May 25, 2018.
Check out What is GDPR for more helpful resources and guides to preparing your business and your employees for GDPR.