On may 25'th 2018 the existing data privacy laws are replaced by GDPR, General Data Protection Regulation. A common set of rules that applies to all EU member states - but also to anyone that handle personal information about a EU citizen.
There are a few horror stories circulating in social media and news papers saying that by breaching the law you are faced with €20 million in fines - Yes, that is the maximum penalty that can be given and it's designed to be able to punish the large corporations whenever they abuser your personal integrity.
As a sports club your are unlikely to be fined the maximum amount if you handle personal data in way that is not compliant with the GDPR - however any fines given will definitely hurt the club really bad. The good news is that it's quite easy to be GDPR compliant.
You should immediately investigate if your current membership database / membership management system can handle the updated requirements on how to handle personal data.
CoachHippo takes personal integrity really seriously
CoachHippo is build with the privacy by design principle which enables us to already be compliant with GDPR on a technical level that is imposed on a software and service vendor. As an example:
- We do not share your personal data with any third party for the purpose of displaying ads to you.
- The information you enter into CoachHippo is yours, not ours. So you can easily export your membership information regardless if you have our free or paid plans.
We have also made sure that our internal processes, routines and agreements are up to date and GDPR compliant which we managed to complete 7 months before the regulation is enforced.
Since we didnt have any technical things to fix to enable us to be GDPR compliant, we were instead able to create tools and routines that helps You and Your sports club to be compliant with GDPR in a simple and easy way.
As an example: you create your own membership attributes that are relevant to you in our dynamic membership database, such as social security number, adress, allergies. On each attribute you are able to se permissions such as who can update the information.
A basic principle in GDPR is transparency, so your member always have access to all the attributes you collect about him/her. To protect the personal integrity, only people with an admin or leader role has access to the membership database.
How can I manage personal data in the future?
You will need a lawful basis for processing personal data, which in most countries you already need. As a sports club your lawful basis can be:
- The personal data is necessary to fulfill an agreement or contract with the individual.
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- The individual can give your consent, which must be informed and freely given and can be withdrawn at any time.
An lawful basis for processing data can also be a legitimate interest, but this is difficult to apply to children so you should seek another way.
Social security number or other sensitive information such as membership in unions, ethnicity, sexual preference can never be processed only by legitimate interest and should always be done with the support of another lawful basis.
How do you manage your membership
Having an agreement in place a great way to use as a lawful basis for processing personal data, how do you handle your membership agreements today?
Why not let the member at the time of signing the agreement also accept the clubs core values?
An agreement sounds like a difficult thing but in essence all you need is a text, a tick-box and an easy way to collect and store them.
We have a solution called Konsento that enables you to easily create, sign and manage your membership agreement.
Konsento will be an integrated part of CoachHippo later this year.
You should definitely check it out and create your first membership agreement - today!