On the 25th of May 2018, the European Union’s General Data Protection Regulation (GDPR) comes into effect. These new rules are stricter than before and look to provide increased protection to individuals regarding who has their data, and how this data is used. It means that all businesses which hold data need to re-evaluate their processes.
Even though following the Brexit referendum the UK is leaving the EU, companies will still have to comply; the Data Protection Bill of 2017 has made sure of that. As all golf clubs hold data – for instance, an excel spreadsheet with the names, addresses and phone numbers of all your members – this is something which will definitely impact the golf trade.
The new regulations are comprehensive and introduce new obligations for any organisation that handles data about EU citizens – whether that organisation is located in the EU or not. It places stricter responsibilities on organisations to prove they are adequately managing and protecting personal data.
As a golf club, this will influence them in two main ways, the first being related to correspondence with members and visitors, such as newsletters. All golf pros should have a list containing the data of members and visitors and send out a weekly newsletter to them, keeping them informed of what is happening at the club and what deals and offers are on in the pro shop. Foremost and TGI have both played a big role in highlighting the importance of this. Under the new rules, all clubs must ensure that those receiving any communications have specifically ‘opted in’ – it is no longer enough to send out emails to people who signed up for them years ago. To fully comply with the regulations, you should get everyone on your list to specifically opt-in to receive future communications.
The other part of the new regulations which will specifically have an impact on golf clubs is in the storing of data. Under the new regulations, if a golf pro leaves a list of different members and their personal information out on his desk then they, and the club would be in breach of the new rules. All personal information must be kept in a secure location- this means if it is a sheet which has been printed out it should be in a desk draw which can be locked. If It is on a computer then it should be in an area which is password protected – if it is simply sitting on your desktop for anyone to access then this is a breach.
TGI are taking the GDPR situation so seriously they have assigned their Head of Communications Matt Millard to become their GDPR specialist and have tasked him with leading their Partners through the transitional process. He had this to say about the change. “GDPR will have a major impact on PGA Professionals, particularly from a marketing point of view.
“Many PGA Pros through the years will have obtained their database through their clubs, however, with the stricter regulations coming in, these will no longer be acceptable due to GDPR’s stipulation that an individual has to give ‘explicit consent’ for you to have their details. Therefore, the training and advice we’ve given our Partners is to start again and ask everyone on their database to re-subscribe.
“This may seem like a drastic measure, but it is the road that many companies, charities, and sports teams have gone down, such as Wetherspoons, the RNLI, Manchester United and even this magazine.
“We view it as a great way for our Partners to deep clean their databases and make sure the communications they are sending out are to a receptive and engaged audience.”
GDPR is happening and the fines that can potentially be imposed on any business not complying are significant – up to four percent of a company’s turnover. As the regulations are not yet in place it is anyone’s guess how strictly GDPR will be
implemented and also how, practically, it will be carried out; if a pro has a sheet with members’ details on their desk who will ever know? Regardless, as golf clubs deal with personal data, they need to aware what GDPR is and what they are expected to do to comply.