Unless you have been living under a social media rock these past few months, you will know that an important change to Privacy and the Internet has occurred (and no, we are not talking about the recent Facebook privacy scandal with Cambridge Analytica, although this also has interesting implications for coaches). We thought we would compile some of the important things for coaches to know.
Before we get stuck into it, we’d like to be clear that this article should not be read as professional legal advice. We have written it for information purposes only.
So What is GDPR?
GDPR stands for General Data Protection Regulation. It’s the European Union’s new data protection law and it came into effect on 25 May 2018.
What Are The Main Principles?
You must ensure that your data collecting processes are transparent. That means it must be easy for your clients and visitors to find out where you store their data, what you do with their data and how they can either delete your copy or get a record of it.
- Lawful Collection and Usage
It goes without saying that you need to obtain data about your clients legally, but what some people might not realise is that once you have that data you can only use it for the purposes for which it was collected. So for example, you can’t collect data on your clients when they sign up for a specific workshop, then use it to create a mailing list for an event you are running with a colleague on another topic.
Again, it goes without saying, but you must have permission to collect someone’s data. This means you can’t “buy” a mailing list off someone else, or add people to your mailing list without asking them when they are actually signing up for your free eBook. And that last part is the important bit – you MUST include a checkbox on all your forms that specifically asks people to consent (and it can’t be pre-ticked).
- The Right to Leave
You must have provision for people to remove themselves from your mailing list and your database, and it must be EASY to do so. Most businesses have the unsubscribe option, but some, like Amazon for example, make it a protracted process. As of May 25th it must be simple, transparent and fast.
I’m Not In the European Union So Why Should I Care?
You need to care at three levels:
- Your Global Clients
Firstly, most coaches, and definitely most ICA Coaches, work with clients from all over the world. The fact that you CAN do this as a coach (live and work from anywhere at any time) is one of the most attractive features of the profession. So you will need to ensure you are treating your clients’ data appropriately.
- Your Global Website Visitors
Secondly, even if you are just targeting your local community, most coaches will have a website with at least one form or contact email address on it, so you need to be compliant with data collection principles.
- ICF Compliance
The International Coaching Federation, the peak body for coaches globally, has made some significant changes to its privacy policies and processes. If you are a credentialed coach, or even if you are not but plan to be in the future, you should heed these changes.
Peer Coaching Logs
Probably the most significant change is the fact that the ICF will no longer require you to submit a log for clients when applying for your credential. Don’t be fooled though: this DOES NOT mean you don’t have to collect that information. They just want you to store and manage it, not them. So in many ways there is an increased onus on you to make sure you are compliant with data privacy and management processes.
Steps You Should Take (if you haven’t already)
- Make sure all the people you work with are across this, including Virtual Assistants, Accountants, Marketing Agencies etc. You are liable for the practices of third parties you work with.
- Conduct an audit of any personal information you currently hold, where it came from and who you share it with.
- Delete any personal data that you don’t need.
- Make sure your users can unsubscribe or remove themselves easily.
- Update the way you collect and manage client data in relation to ICF credential applications.