

Will club software help me with GDPR compliance?

By using the right software like Coacha, yes it will.

There are some aspects of GDPR you will need to make decisions on yourself (the lawful basis for processing data, for example) that we simply can’t build in to our software. However, we believe that our club software could get you as far as 80% of the way towards your compliance.

In this article we’re outlining how Coacha2.0 will help you achieve many of the requirements discussed in our GDPR in Sport Guide. If you haven’t already, we suggest you download a copy (it’s free) as we refer to it quite a lot in this article.

Click on the questions below to fast-track to the topic of your interest:

How can my coaching staff/helpers record data in the right place?

How can I instruct my coaching staff/helpers on how to communicate with members?

How can I assess how my system looks now, and how it needs to look to comply with GDPR?

How can I show the types of information I hold, where the information comes from and who my data is shared with?

How do I show that I handle people’s requests for copies of their information?

How do I let people amend the information I have on them?

How can I show that I can delete or ‘forget’ people from my records?

How can I show that I’ve got permission from people for me to use their details?

How can I show how I will let people withdraw consent to use their data and how easy this will be?

How can I show how I have gained consent from parents/guardians of children?

How can I document how I will deal with any potential data breaches?

Why should I complete a Privacy Impact Assessment?


Why should I become GDPR compliant?


Because if you don’t and you’re investigated by the ICO, you could get a hefty fine. Certain aspects of GDPR are legal requirements, so if you’re not compliant you will be breaking the law.

With this in mind, we’ve built a substantial proportion of Coacha2.0 with GDPR at its heart. This makes compliance as easy as possible for club owners like you. By using Coacha you will be able to demonstrate to the ICO how you satisfy many of the requirements of the GDPR.


Coacha2.0 will be launching soon and we thought we’d bring you a sneak peek of what’s to come. We’ll show how Coacha2.0 caters for most of the points in our GDPR checklist and helps your club become GDPR compliant.

We’ll be providing further updates on this topic shortly. To ensure you don’t miss any of them, subscribe to our FREE update service and newsletter.





Awareness & Accountability

As we outline in our guide, part of becoming GDPR compliant means you will need to demonstrate that you have certain procedures and processes in place. Simply by using Coacha, many of these bases will be covered for you.

Q – How can my coaching staff/helpers record data in the right place?


With everything kept in one place, it’s going to be easier, less stressful and less time consuming to gather data if you start receiving ‘information requests’.


By ensuring all coaching staff/helpers use Coacha, all member and club information will be stored safely and securely in the same place. This can then be downloaded by members themselves, you or by your coaching staff/helpers.

Q – How can I instruct my coaching staff/helpers on how to communicate with members?



All important communications (such as email/text) need to be recorded, stored and easily accessed. You will need to be able to demonstrate you have a process/system in place to retrieve this data.

By using Coacha’s broadcast system, the content of all texts and emails is stored centrally should you ever need to retrieve it. When using Coacha, you have the option of sending email broadcasts, utilising our text service, or both. Whichever you choose, copies of the content of all of your broadcasts are kept.

Q – How can I assess how my system looks now, and how it needs to look to comply with GDPR?



If you’re looking at multiple spreadsheets, various WhatsApp groups and panicking a little, then don’t.

Just by using Coacha, you will automatically have a system that will help with your club’s GDPR compliance. And for just £25 per month, using it won’t be breaking the bank. In fact, it could save you money.


Info you hold


Q – How can I show the types of information I hold, where the information comes from and who my data is shared with?


Whilst you’ll need a written policy to prove this, Coacha stores the same information for each member making it easy for you to record data. You will already know the data fields you need to run your club. Most if not all of these will already be built in to Coacha.

Also, because you can control who has access to the information in Coacha, you can easily show this in your written policy. The exceptions here are any external organisations you use or share data with, such as promotional companies or email software like Mailchimp.





Individual’s Rights & Access Requests


Q – How do I show that I handle people’s requests for copies of their information?

As GDPR is all about individuals having more control over data held on them, your members will now be able to request a copy of all information you hold on them. Under GDPR you will need to provide this information within 30 days of the request.

You will also need to do this free of charge as opposed to the current ‘subject access fee’ of £10. The data you provide must be in a commonly used digital format (e.g. PDF/CSV); a few sheets of hand-written paper simply won’t do.

A very significant addition to Coacha2.0 is our Member/Parent Portal. Once logged in to Coacha with their unique login, people can download any data held on either themselves and/or their children. Coacha instantly informs you as the club owner each time this happens.

By using Coacha for holding member information, you will have a lot less to do when it comes to people submitting a ‘data request’. People asking for copies of information held on them like this is set to be one of the most time-consuming parts of GDPR compliance. But not if you’re using Coacha.

People over 18 will be able to instantly download their own data into a digital file. Where children are involved, Coacha will have built in mechanisms to ensure specific GDPR and safeguarding guidelines are met when they are confirmed by the ICO. Until then, you as a coach will need to provide the data to parents directly from Coacha yourself. Again, it’s a simple process and very quick to do.


Q – How do I let people amend the information I have on them?



Your members will have the right under GDPR to amend any information that you hold on them.

This will be very easy to do in Coacha2.0 as they can log in to the Member/Parent Portal and edit basic information (such as address, telephone number, emergency details etc.) themselves whenever they want to.

Certain things like changing a member’s payment details or updating sensitive data such as coaches’ notes will need to be overseen by you though. Again, all very simple to do and takes no time at all.

Q – How can I show that I can delete or ‘forget’ people from my records?



Unless under specific exceptions outlined in the ICO’s GDPR guidance (public health/safety interests for example), your members have the right to be ‘forgotten’ and for their data to be permanently deleted.

Again, this is easily done with Coacha, as you can simply delete a member from your account at the touch of a button. Some data, such as financial transactions or class attendance, will be retained though. This means your club data remains intact and you can fulfil your own compliance and legal obligations.

Q – How can I show that I’ve got permission from people for me to use their details?



Members must now actively ‘opt-in’ in order for you to use their data. You must not rely on ‘inaction’ any more. For example, an automatically ticked check-box won’t do, or ‘click OK to agree to all of our terms and conditions’.

When your members use the member portal they will be asked for consent to use their information for specific things (such as those outlined in our guide). They will be able to update their preferences at any time.

In addition, you can add waiver forms and other documents when sending out member sign-up forms. In Coacha2.0, members/parents will be able to electronically sign these documents and return them to you. This will make this entire process a lot easier and, most importantly, all be recorded and held in Coacha.


Q – How can I show how I will let people withdraw consent to use their data and how easy this will be?



It must be an effortless process for members to withdraw their consent for you to use their data at any time. Withdrawing consent completely will mean they will not be able to remain in your club, as you need to store and use their data as part of their membership.

They may, however, decide that they want to withdraw their consent for something like receiving marketing information about ‘benefits and special offers associated with being a member of your club’. In this case, they can log in to Coacha’s Member/Parent portal and simply change their preference.

With something like this, when sending a broadcast from Coacha, you will be presented with a tick box asking if this broadcast is marketing-related or not. If ticked, this box will exclude all members who have opted out of marketing information. Very easy for you and your members.


Children


There are some very specific GDPR considerations when it comes to processing children’s data. We have analysed the ICO’s Consultation: Children and the GDPR guidance (a copy can be downloaded here) and will be publishing our thoughts and findings shortly.

Once finalised, this guidance will become added functionality that we will be building in to Coacha2.0.


Whilst this guidance hasn’t been passed as part of the GDPR, we’ll be keeping a close eye on it. For now though, here are a couple of things you need to get on top of straight away…




Q – How can I show how I have gained consent from parents/guardians of children?



As with adults, you need to establish what data you need to process on children and why. You then need to seek permission from the child / parent (depending on their age) to use and process their data.

The main difference that GDPR brings will be the age at which a child is able to give their own consent. At present there is no UK law on this (although in Scotland it is 12 and above) but under GDPR this will be set to 16 and above. It is, however, possible that in the UK this may be 13 and above.

With Coacha2.0 an accurate record will be kept against each of your members showing how and when they (or their parent/guardian) gave you permission to process their data. It will also show the type of information they said you could process and what information you can/can’t send to them.

In addition, Coacha already follows NSPCC CSPU Guidelines for contacting children using email and text messages. The rules Coacha follows are:

  • If the member is 18 or over, any email/text is sent directly to them.
  • If the member is between the ages of 13 and 17, the email/text is sent directly to them with the parent/guardian copied in.
  • If the member is under 13, the email/text is sent to the parent/guardian only.


Data Breaches


Q – How can I document how I will deal with any potential data breaches?



You will need to have your own plan of action that should involve detecting, reporting and investigating a data breach. We work extremely hard to protect all the data we hold on your clubs and your members. However, it’s comforting to know that we at Coacha have our own data breach policies in place.


Protection by Design

Q – Why should I complete a Privacy Impact Assessment (PIA)?



You should always ensure that the privacy and security of people’s data is at the centre of anything you do. For example, if you’re carrying people’s printed info around with you then you are especially vulnerable. Even if you’re currently using, reviewing, or looking for club management software, make sure you understand how secure it is and how GDPR compliant the provider’s systems are.

Whilst not a legal requirement, performing a Privacy Impact Assessment will highlight any weak spots in the way you handle information. Simply completing a PIA will go a long way to satisfying the ICO that you are working on GDPR compliance should they investigate you.

With the GDPR compliance features we’re building in to Coacha2.0, just using Coacha in your club will show the ICO that you’ve taken positive steps towards GDPR compliance.

We can’t perform a PIA for you, but we’ll be providing further updates on this topic shortly. To ensure you don’t miss any of them, subscribe to our FREE update service and newsletter.


The Legal Stuff


This article is intended only as a guide and is not to be regarded as a substitute for consultation with a legal specialist who can advise you with a focus on your specific circumstances. We cannot warrant that this article is entirely error free as the ICO state that their own guidance to GDPR (which this article is largely based on) is a ‘living document’. This means guidance and recommendations are still evolving.