You’ve read the blogs, watched webinars, attended seminars and even got the T-shirt, but do you really know what you need to do to comply with the new regulations?
Mary Nash, Trusted Coach Directory admin assistant, has spent months getting to grips with what we needed to do to comply, and has kindly put together a very simple checklist for you.
Mary’s 5 Top Tips
1. Identify & record every system/location (online & paper) where you store personal and/or sensitive information, and consider:
- Do you need to store all that information in those locations?
- How long do you need to keep it for?
- Have you informed your data subjects what/where/how you’re storing that information?
- If anyone wishes you to remove their personal/sensitive data, do you have a clear process to do this from every location? Is there any data you need to keep to manage your business?
- Are all your online systems reputable and safe? Do you know what their privacy policies are? Do you know where they are storing your data?
2. Where are your greatest data protection risks?
- How could any unauthorised person access or see any personal/sensitive data? Who? Where? How? Particularly if you run your business from home, could any family members see names in your diary? Papers on your desk/on your shelves?
- What would the effect be of any DP breach on your client/coachee? On you or your business?
- Is there anything you can do to reduce the risks?
3. Are you getting/do you have proper consent? Previous clients? Mailing lists?
- Can you evidence the consent? If not, you may have to obtain it again or delete historic information.
4. Do you have adequate policies & procedures? Simple and clear is best.
- On your website/published.
- Regular reviews scheduled?
5. How are you managing passwords?
- Different for every site?
- Not written down, but stored in a secure password manager?
You may find it helpful to record what data you store in a simple table with the following headings:
- Type of data (e.g. coachees, mailing list, partners, suppliers)
- Method of consent
- Opt-out/ withdrawal options
- Systems used to store it (online programmes e.g. Mailchimp, paper files, etc.)
- Timings/process for reviewing (whether this data needs to be kept)
- Retention periods
- Other notes
When obtaining consent from clients, it is essential to be clear about when you may breach confidentiality. The following statement may be helpful:
I consent to my personal information being securely stored and used by xxx solely for the purpose of providing coaching services. My details will not be shared with any third parties, except in the following circumstances (as outlined in the Association for Coaching’s Code of Ethics): where required by law, disclosure of illegal activity, danger to self, and anonymously during my Supervision sessions which themselves are confidential.
If you have any questions about confidentiality or security of your data, please discuss with me first to ensure you are comfortable with our arrangements.
For more information, visit the ICO website.