On the 25th of May the GDPR (General Data Protection Regulation) comes into force. The regulation places several demands on the processing of personal data, which must be taken into account when running a professional coaching business. This blog text raises a few key issues from the GDPR that companies should review and follow.
Acceptance of data collection
If personal information is collected from an individual, that person must actively give consent to the collection. The collector must be able to show retrospectively how and when this consent was obtained from the person. The person must also be able to withdraw consent that was previously given.
In the coaching business, communication is often spread across many different channels. These channels create stores of customer information, which are very often difficult to manage and supervise. As an example, if personal information is handled by email, it should be noted that the email service provider must keep the data within the EU or meet the requirements for storage outside the EU (Privacy Shield). Communication may sometimes include a person's health information, which is considered high-risk information. The transfer of such information outside the EU is not permitted under the current legislation. Handling personal information via email is seldom a good idea: from a data security point of view, email messages have been compared to postcards.
A huge amount of performance and physiology related data is essential to maintaining the quality of coaching services. Managing this information from different sources will be challenging under the GDPR, which gives clients, for example, the right to request the information collected about them in a machine-readable form and the right to have the collected information deleted. The GDPR also requires data to be stored in a way that provides adequate protection against, for example, equipment failures (back-up systems).
Profiling can effectively influence the quality and direction of the service. With the help of profiling, services can be personalised through standardised methods, which makes personalisation more cost-effective. Profiling also includes genomics services and personal product mapping. The general data protection legislation considers this information to be high-risk personal data that needs to be treated with special attention. Storing high-risk information outside the EU is not possible under the current legislation.
Coach4Pro’s development is up to date
The design and implementation of the Coach4Pro system have been based on two main principles.
Personal information is always owned by the person it concerns.
Processing and editing of information inside the system have already been implemented to meet the GDPR requirements for data management.
Coach4Pro’s Data Security
The system has been implemented so that the servers are located within the EU's borders, and the physical security of the premises has been taken into account to protect against external threats such as fire. The system itself relies on back-up servers (hot stand-by). In addition, only secure software components are used in building the system, for example in the choice of data structures (design by security).
If you have any questions about the GDPR and Coach4Pro, please contact:
Otso Koskela Otso.firstname.lastname@example.org +358 40 060 3581