Despite widespread press coverage about the implications of the General Data Protection Regulation (GDPR) coming into force in May, and the hefty potential fines which might be incurred for non-compliance, many coaches remain confused about what they should be doing to comply.
The days leading up to the deadline for compliance – 25 May – were marked by panic in many quarters, inboxes being jammed with GDPR-related emails. Weeks on, as the magazine goes to press, there are still emails coming in from fellow coaches and other service providers laying out their data protection policies and offering subscribers the option to opt in or out to having their data held by the provider.
Yet a number of coaches from both the UK and other countries, including Spain, shared with Coaching at Work that they still hadn’t taken action and were unclear what they had to do. But, as Henley Business School warns, doing nothing isn’t an option.
In the lead-up to the date for GDPR to come into force, a survey carried out earlier this year by Henley revealed that many coaches were completely unprepared (see Are you GDPR ready?). The study was carried out among 129 coaches and considered the implications of the GDPR for coaching practice. Only 11% of coaches had registered with the Information Commissioner’s Office, the regulatory and registration body for the UK. Less than 5% had specific plans to take action to address any shortfall in their non-compliance with GDPR.
The GDPR extends the scope of the EU data protection law to all foreign companies processing data of EU residents and aims to harmonise the data protection regulations EU-wide, placing a stronger focus on compliance and the rights of the data subject or individual the personal data relates to.
“Perhaps crucially for coaches, the liability for breaches of the GDPR extends beyond data controllers and companies on to individual data processors themselves,” said Jonathan Passmore, director of Henley Centre for Coaching.
- What should you do? See: Are you GDPR ready?