We recently spoke to a new Coacha user who was desperate to digitalise their club admin as soon as they possibly could. Club owners are usually keen to get started, but we detected a strong sense of urgency with this one.
After what turned into quite a lengthy phone call, they told us the reason for their urgency. They agreed that they wanted to prevent other clubs going through the same thing as they’d been through. So, they asked us to tell as many people as we could. We thought, why not let them tell you themselves?
Remaining anonymous, find out what happened when this club owner’s folder of registers and personal information was stolen during training.
We’ve been an established, successful sports club in our local county for around 7 years. With a strong team of volunteers, we never really saw the paperwork side of things to be a problem. In fact, we didn’t even know that an easier/safer way to run our club existed.
We have always worked by printing registers weekly and keeping folders of personal information. Coaches collect these from our base before every session. The base is always locked, and the documents stored in secure cabinets. I was always confident in our level of security for storage.
When GDPR came into place in 2018, we weren’t concerned as we’d never had an issue before and thought we were at very minimal risk of not complying.
Each coach attends training with their registers on clipboards. They also have a separate folder containing members’ personal information (medical and next of kin info) incase of an emergency.
Coaching is obviously a physical job and during training, paperwork often gets put down in order to instruct properly. Where possible, it’s left with a trusted volunteer. But on this occasion, there was no one available so it was left on the side of our training area. I could still see it, but my attention was more on our members.
It was a really great session for all those involved. Everyone was making progress and having fun too. I headed back to the folder area to grab a drink after 20 minutes and could’ve sworn my heart actually stopped. The folders were gone.
Hundreds of thoughts were running through my head; who could’ve taken it?; what would they do with the information?; why would they want it?
I kept thinking, 'I hope no one has an injury or becomes unwell because I have no way of contacting their parents or knowing their medical details.'
I remember looking around to see if I could see anyone with it. It was a busy evening, there were other clubs using the area either side of us and lots of people walking past. I called a few of my coaches to check around whilst also looking myself.
What happened next?
Fortunately, the incident turned out to be a (very unfunny) joke played by a member of my coaching team. But it had myself and the rest of the team going for a whole half an hour. The fact was, we deal with such personal children’s information, we would have needed to go down the route of declaring a data breach to the ICO.
Which meant we'd have gad to let the parents of our members know immediately (which would've been a huge blow to our reputation).
The incident really shook me and I've been taking steps to ensure it could never happen again. These steps includes getting on board with a piece of software (Coacha) that allows us to store all of our data digitally, rather than paper based and manage all aspects of our admin from within one system. This has also brought so many pleasantly surprising benefits to the team including saving us time, money and enhancing our already outstanding reputation.
Looking back, we should’ve taken more notice when GDPR came into place about storing data digitally. But to be honest, we weren’t aware that systems like Coacha even existed! We sadly had to find out the hard way. But I’d advise any club who are still paper based to learn from my mistake and look into going digital with a company like Coacha.
I’m really passionate about not letting this happen to any other clubs, because the damage, including potential fines could be enough to shut down a club like ours completely.
What are the legalities behind losing your folders?
Under GDPR, if a data breach happens (like your folders of personal information being stolen), you need to assess the risk to people’s rights and freedoms. If you think there is a risk, the ICO must be informed. You can take the ICO’s self-assessment to help make this decision.
The breach should be reported ASAP but you have up to 72 hours.
Depending on the severity of a data breach, the ICO can issue a fine of up to £17.3m or 4% of an organisation’s annual global turnover.
Points to consider
• Go digital
Even if you didn’t realise you had a problem, we urge you to learn from this club’s near mistakes. There are so many systems on the market that specialise in sports club membership software.
Going digital means that you can automate your registers/payments, provide easy access to member information from each coach’s device, protect yourself against GDPR, keep your data safe and secure, and so much more. Software will make your life so much easier, save you time and could also save you money.
• Don’t leave paperwork lying around
Whilst you’re doing your research, keep a close eye on where you’re leaving your folders.
• Spread the word
If you know other club owners, share this blog post with them so that they can avoid circumstances that could wind them up in court and being fined .