Health Club Management
Sponsored briefing: Preparing for the GDPR – how to store and secure member data

With the new General Data Protection Regulation (GDPR) on the horizon, Paul Simpson, chief operating officer of Legend Club Management Systems, explains why it’s vital operators take action on how they store and secure all member data

Published in Health Club Management 2017 issue 11
New laws about how you hold your data come into effect in 2018 and demand attention now to avoid regulatory fines / PHOTO: SHUTTERSTOCK.COM
Leisure and gym operators are custodians of a huge volume of detailed personal information on members, making our industry not only a soft target, but also an attractive one - Paul Simpson

Rarely a week goes by without news of a data security breach hitting the headlines, with issues such as the global WannaCry ransomware attack – which crippled parts of the NHS – and our own industry-specific PayAsUGym attack in December 2016 heightening fears for the wider industry.

Unfortunately, this increased awareness isn’t leading to action to improve matters. Furthermore, ignorance about basic data security principles and obligations is placing the industry at significant risk of everything from accidental misadventure to financial fraud, with the repercussions ranging from regulatory fines and brand damage to business failure.

Data vulnerability
Leisure and gym operators are custodians of a huge volume of detailed personal information about members and customers, making our industry not only a soft target, but also an attractive one.
To safeguard valuable information, think about your data assets. What information do you hold on your customers? Where is it stored? Is it up to date? Is it still required? Is it digital, or are paper records still in use? Are your employees accessing information via their own mobile devices?

Data breaches occur in many forms, including password theft, physical attacks and the biggest threat of all – user error.

Common user error breaches include obvious examples, such as incorrect handling of credit card data, and less obvious examples, such as paper-based customer information being stored in unlocked filing cabinets.

Routine tasks undertaken by front of house staff are often conducted without data safeguards in place and in many cases, too little staff training is provided on data security protocols and their importance, leaving operators vulnerable.

This situation is complicated by the nature of the industry. For example, staff turnover makes it challenging to ensure training is given to all staff who are handling customer data. The result is inadequate security, which jeopardises both the customer and the operator.

Better Guidance
In our unregulated industry there has historically been little or no guidance provided to staff regarding the safeguarding of information.

In addition, although existing legislation and standards – such as the Data Protection Act (DPA) and the Payment Card Industry Data Security Standard (PCI DSS) – require adherence to very specific data security processes and policies, many in the industry would be hard pressed to demonstrate compliance, leaving them in a highly vulnerable position.

The situation will become even more challenging in May 2018, when the EU’s new General Data Protection Regulation (GDPR) comes into effect, bringing with it higher penalties and even more stringent requirements regarding information security, as well as the need to inform any individual affected by a data breach within 72 hours.

In short, GDPR demands the attention of all businesses and operators who hold customer data of any kind.

Business Implications
The UK Payment Card Industry Security Standards Council (PCI SSC) has warned that UK businesses could face up to £122bn in penalties for data breaches when the GDPR comes into effect. It has also stated that fines are likely to be dwarfed by the reputational damage incurred by data breaches.

If customers lose confidence in an establishment’s ability to safeguard personal data, then the online portals and payment processes that have streamlined our businesses so effectively over recent years will be put at risk.

Creating a New Ethos: Confidentiality, Availability & Integrity
So now is the time to take action. Only by considering every piece of information in line with three guiding principles – confidentiality, availability and integrity – can you begin to protect your data.

• Confidentiality
Data privacy is assured by ensuring data is accessed only by authorised individuals, with strong access controls in place and sound internal processes governing the handling of paper-based documentation.

• Availability
This demands that data is available whenever it’s needed – a ransomware attack, for example, denies this.

• Integrity
Achieving data integrity is all about ensuring it’s accurate and up to date.

There are two areas of GDPR where focus is needed. One is consent, which imposes robust criteria on you to obtain permission from individuals for the processing of their data. The second is data retention, and the individual’s ‘right to be forgotten’.

These two areas need careful assessment to ensure there’s a clear case for holding data for specific time periods and that consent has been given to do so.

Next steps
The coming of the GDPR is a real opportunity for leisure, health and fitness businesses to make huge improvements to the way their extremely valuable data is stored and handled.

It’s also the time to expand the current view of information beyond that which is held electronically to include all information assets in the business, both digital and paper-based. Finally, it’s time to embed best practice into all daily operations. This includes improving physical infrastructure and creating a robust, ethical security culture that protects customer data for the long term.

To learn more about how Legend has helped its customers get ready for the arrival of the fast-approaching GDPR legislation, please visit our website at: www.legendware.co.uk/accreditations

Paul Simpson

Paul Simpson, Legend’s chief operating officer, is responsible for Legend’s ISO27001 Information Security Management accreditation.

Simpson makes his expertise available to those who have industry GDPR/information security concerns. He can be contacted at: gdpr@legendware.co.uk
