{"id":7151,"date":"2018-05-04T14:01:06","date_gmt":"2018-05-04T14:01:06","guid":{"rendered":"https:\/\/fitproblog.mysites.io\/gdpr\/"},"modified":"2018-05-04T14:01:06","modified_gmt":"2018-05-04T14:01:06","slug":"gdpr","status":"publish","type":"post","link":"https:\/\/www.fitpro.com\/blog\/gdpr\/","title":{"rendered":"The GDPR: Are you clued up?"},"content":{"rendered":"<p>Data protection. Probably not something you give much thought to, but whether you store your clients\u2019 personal details in folders, spreadsheets or don\u2019t really have a system, data protection is something every PT needs to understand.<\/p>\n<p>The General Data Protection Regulation (GDPR) is a new piece of European legislation that comes into force on 25 May and affects personal data and how it\u2019s collected and stored. It will mean big changes to the way PTs protect their clients\u2019 data.<\/p>\n<h3><strong>Why bother?<\/strong><\/h3>\n<p>Failing to notify a breach when required to do so, could result in a significant fine of up to \u00a38.8m or 2% of your global turnover, according to the Information Commissioner\u2019s Office (ICO). The fine can be combined with the ICO\u2019s other corrective powers under Article 58. So, it\u2019s important to make sure you have a robust breach-reporting process in place to ensure you can detect and notify a breach on time, and provide the necessary details.<\/p>\n<p>Thanks to smartphones, computers, the Net and social media, we accumulate data at an alarming rate. Our lives will be increasingly determined by data held on us, yet it\u2019s more open to compromise than ever \u2013 just ask MyFitnessPal, Yahoo! 
or Uber. <em>\u201cThe GDPR brings data protection bang up to date, giving us greater control of our personal data \u2013 how it\u2019s collected and held, by whom, and for how long,\u201d<\/em> explains Raoul Lumb, data protection associate at law firm SM&amp;B.<\/p>\n<h3><strong>Where do I start?<\/strong><\/h3>\n<p>Begin\u00a0by getting organised. Think about what clients\u2019 data you store, why you\u2019re keeping it, whether you have permission to do so, how you manage it, where it\u2019s kept, who has access to it and for how long. <em>\u201cMap it out so there\u2019s no confusion, then work out what\u2019s compliant and what you don\u2019t have consent for,\u201d<\/em> advises Lumb.<\/p>\n<p><em>Taking \u2018before and after\u2019 pictures, storing client measurements and personal health information \u2013 all day-to-day occurrences for PTs and all fine under the new rules, as long as you\u2019ve validly obtained consent. Even if a client specifically asks for, say, performance monitoring, it\u2019s best to ensure you have written consent.<\/em><\/p>\n<p><em>And sweating the details can be significant. For example, pre-screening participants and clients is an integral part of the health and safety procedure, therefore the fundamental principles of the GDPR also apply to the provision of PAR-Q forms.\u201d<\/em><\/p>\n<p>The main aim of the GDPR is to provide more control over how organisations use data. 
Companies have an obligation to securely store customer data, be transparent about any data held when asking new and existing participants to supply details, and also to delete any data once expired or when asked to do so by its clients.<\/p>\n<h3>Article 5 of the GDPR outlines six principles that should be applied to any collection or processing of a person\u2019s data, which are as follows:<\/h3>\n<p>&nbsp;<\/p>\n<ol>\n<li>Personal data (PD) must be processed lawfully, fairly and transparently<\/li>\n<li>PD can only be collected for specified, explicit and legitimate purposes<\/li>\n<li>PD must be adequate, relevant and limited to what is necessary for processing<\/li>\n<li>PD must be adequate and kept up to date<\/li>\n<li>PD must be kept in a form such that the data subject can be identified only \u2018as long as necessary\u2019 for processing<\/li>\n<li>PD must be processed in a manner that ensures its security<\/li>\n<\/ol>\n<p>Here\u2019s the legal blurb: consent must be explicit, rather than implied, and freely given after a request in clear, plain language. You must be able to explain why you\u2019re collecting personal data, how you\u2019ll use it, and have records proving consent was given. Under the GDPR, a client can also ask to be \u2018forgotten\u2019 and all their data must be immediately removed from your system and records \u2013 both paper and digital.<\/p>\n<h3><strong>Advancements in tech<\/strong><\/h3>\n<p>Software could make the process a whole lot easier. For example, the fibodo booking management platform offers a live planner, real-time booking with secure payment processing, and allows for storage of client data while creating and sending booking emails. 
<em>\u201cIt\u2019s completely GDPR compliant and sets the PT up for the future, so no more haphazard bundles of client paperwork,\u201d<\/em> explains Anthony Franklin, CEO and founder of fibodo.<\/p>\n<h3><strong>Keep it safe<\/strong><\/h3>\n<p><em>Once the GDPR goes live, adopting strong passwords and encryption is an absolute must. \u201cIf you are hacked, but have proper data encryption, that data is useless to a hacker,\u201d<\/em> says Lumb. <em>\u201cWe all expect businesses to keep our details safe. Get this right and your clients will know you respect them and be more loyal.\u201d<\/em><\/p>\n<p><strong>\u00a0<\/strong><strong>Find out more<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p><a href=\"https:\/\/ico.org.uk\/for-organisations\/resources-and-support\/data-protection-self-assessment-toolkit\/\" target=\"_blank\" rel=\"noopener\">https:\/\/ico.org.uk\/for-organisations\/resources-and-support\/data-protection-self-assessment-toolkit\/<\/a><\/p>\n<p><a href=\"https:\/\/www.datahubclub.com\/public\/docs\/The_GDPR.pdf\" target=\"_blank\" rel=\"noopener\">datahubclub.com\/docs\/The_GDPR.pdf<\/a><\/p>\n<p><a href=\"https:\/\/www.fibodo.com\/\" target=\"_blank\" rel=\"noopener\">fibodo.com<\/a><\/p>\n<p><em>Where next?\u00a0 <\/em>Check out these box jump variations from Human Kinetics\u00a0 <a href=\"https:\/\/www.fitpro.com\/blog\/index.php\/box-jump-variations\/\">HERE<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data protection. 
Probably not something you give much thought to, but whether you store your&#8230;<\/p>\n","protected":false},"author":1,"featured_media":7152,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[1371,488,25,1372,1373,1374,1375],"class_list":{"0":"post-7151","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorized","8":"tag-data-protection","9":"tag-fitness-industry","10":"tag-fitpro","11":"tag-gdpr","12":"tag-law","13":"tag-regulation","14":"tag-updates"},"acf":[],"_links":{"self":[{"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/posts\/7151"}],"collection":[{"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/comments?post=7151"}],"version-history":[{"count":0,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/posts\/7151\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/media\/7152"}],"wp:attachment":[{"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/media?parent=7151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/categories?post=7151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fitpro.com\/blog\/wp-json\/wp\/v2\/tags?post=7151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}