GDPR – are you ready?

On the 25th of May 2018 the European Union’s General Data Protection Regulation (GDPR) comes into effect. These new rules are stricter than before and look to provide increased protection to individuals regarding who has their data, and how this data is used. It means that all businesses which hold data need to re-evaluate their processes.

Even though the UK is leaving the EU companies will still have to comply; although what happens after Brexit regarding this matter is unclear the government has suggested that the basis of the new law will remain in place. As all golf clubs hold data – for instance an excel spreadsheet with the names, addresses and phone numbers of all your members – this is something which will definitely impact the golf trade.

The new regulations are comprehensive and introduces new obligations for any organisation that handles data about EU citizens – whether that organisation is located in the EU or not. It places stricter responsibilities on organisations to prove they are adequately managing and protecting personal data.

As a golf club this will influence them in two main ways, the first being related to correspondence with members and visitors, such as newsletters. All golf pros should have a list containing the data of members and visitors and send out a weekly newsletter to them, keeping them informed of what is happening at the club and what deals and offers are on in the pro shop. Foremost and TGI have both played a big role in highlighting the importance of this. Under the new rules all clubs must ensure that those receiving any communications have specifically ‘opted in’ – it is no longer enough to send out emails to people who signed up for them years ago. To fully comply with the regulations you should get everyone on your list to specifically opt in to receive future communications.

The other part of the new regulations which will specifically have an impact on golf clubs is in the storing of data. Under the new regulations, if a golf pro leaves a list of different members and their personal information out on his desk then they, and the club, would be in breach of the new rules. All personal information must be kept in a secure location – this means if it is a sheet which has been printed out it should be in a desk draw which can be locked. If it is on a computer then it should be in an area which is password protected – if it is simply sitting on your desktop for anyone to access then this is a breach.

GDPR will happen and the fines that can potentially be imposed to any business not complying are significant – up to four per cent of a company’s turnover. As the regulations are not yet in place it is anyone’s guess how strictly GDPR will be implemented and also how, practically, it will be carried out; if a pro has a sheet with members’ details on their desk who will ever know? Regardless, as golf clubs deal with personal data, they need to aware what GDPR is and what they are expected to do to comply.

 For more information check out the website of the Information Commissioners’ Office on https://ico.org.uk/ where there is a 12-step guide which can be downloaded.