GET HCM
magazine
Sign up for the FREE digital edition of HCM magazine and also get the HCM ezine and breaking news email alerts.
Not right now, thanksclose this window
Precor UK
Precor UK
Precor UK
Follow Health Club Management on Twitter Like Health Club Management on Facebook Join the discussion with Health Club Management on LinkedIn Follow Health Club Management on Instagram
UNITING THE WORLD OF FITNESS
Health Club Management

Health Club Management

features

Customer data: The right to be forgotten

From 2018, individuals will be able to tell their gym to hand their personal data directly to a competitor’s club, without storage of that data. Tom Walker secures a free legal briefing on this change in law

By Tom Walker, Leisure Media | Published in Health Club Management 2016 issue 5
Consumers are already used to being able to take their personal workout data with them / shutterstock
Consumers are already used to being able to take their personal workout data with them / shutterstock

New data protection rules, introduced by the European Commission and coming into force in 2018, could have a big impact on health and fitness businesses.

One of the key items in the regulations involves the transferring of personal, portable data. It stipulates that individuals have the right to have their personal data transferred from one business to another on request, and without storage/processing.

In practice, this means that a health club user who has given over personal information can have that data wholly and safely transferred to a new health club on their request.

We speak to data and sports law firm Couchmans, as well as health and fitness industry experts, on the potential effects of the new legislation.

THE LEGAL BRIEFING

Nick White
Nick White
Nick White,

Head of IP and digital,

Couchmans LLP


With smart technology on the rise, many businesses, including gyms and leisure facilities, are now harvesting vast quantities of data from customers – something that can benefit both customers and businesses. However, new European data protection rules could potentially necessitate a wholesale review of data policies.

In December 2015, the European Parliament, Commission and Council announced new legislation governing data protection. This new General Data Protection Regulation (or GDPR), replaces the outdated data protection laws that have been in place since 1995 and, from 2018, will apply to all businesses that process in any way the data of EU citizens.

Data portability
One of the key elements of the new rules is the right of ‘data portability’. Essentially, this means individuals will have the right – albeit a limited right – to require a business to transfer personal data directly to another business, even where that other business is a competitor.

Gyms, for example, hold individual details such as name, address, contact details, date of birth and bank details. They might also hold data on customers’ weight, height and limited medical information, and possibly even details of the kinds of activity they want to do or the results they want to achieve. The gym may hold other data too, including dates and times of all the customer’s visits and, potentially, detailed exercise plans produced with a PT.

All of this is personal data – but, importantly, not all of it is portable data in the legal sense. Any data not actually provided by the individual to the gym – which would potentially include any exercise plans and usage logs – would be exempt from the portability rule. It will, however, still be covered by the less potent ‘right of access’, which will only require the operator to provide the data to the customer, on request, in electronic format – without the obligation to provide the data direct to another business.

So, the customer’s right to data portability only applies to data that he or she has actually provided to the data controller – in this case the gym.

The customer will have the right to demand that this data be transmitted directly to another operator should they decide to switch gyms.

The legislation does provide that this obligation will only be imposed where such transmissions are ‘technically feasible’, but what this will mean in practice is far from clear at present. The guidance on this should be forthcoming.

New technology
The GDPR also requires a privacy impact assessment (PIA) to be carried out where the introduction of a new process or technology is likely to cause a high risk to personal rights or freedoms. As more fitness operators introduce wearables and other connected devices, they will have to consider carefully whether they first need to conduct a PIA.

The key message for gyms and leisure facilities is that they must endeavour to understand the types of personal data they process, and what regulations currently, and will shortly, apply. There’s no need to worry unduly but, as 2018’s implementation date draws closer, operators should begin to plan now.

"Gyms must endeavour to understand the types of personal data they process, and what regulations apply"

WHAT DOES THIS MEAN FOR GYMS?

Tom Withers
Tom Withers
Tom Withers ,

Managing director ,

Gladstone Health and Leisure


This new legislation is not unexpected. In today’s digital age, consumers are increasingly dependent on their data being passed seamlessly from one business to another, in everything from utilities to banking.

The GDPR extends beyond data portability; it also enshrines the customer’s right to be forgotten. In future, when businesses ask people to share personal details, there will be new rules for obtaining valid consent that will require simple wording and an expiry date. Neither silence nor inactivity will be construed as consent. Depending on the volume of data held, it may be necessary for a company to employ a data protection officer. Clearly, the implications are far-reaching.

At Gladstone, we’re more prepared than most. Data in our membership management systems can already be purged for customers who are no longer active. Consent is actively sought in online joining applications. Bank details can be removed automatically as part of an automated cancellation process. And we already have tools that allow data to be called securely from a database in order to be transferred to a third party.  

Of note on the issue of portability is the proviso that portability should be provided where it is ‘technically feasible’. Gladstone can call and receive data, but transferring it to other businesses would require other systems to be capable of doing the same, and to share a common leisure industry framework. We’re confident that we’ll be able to leverage our software to meet the requirements of the regulations.

"Transferring data to other businesses will require a common leisure industry framework"

Gladstone already actively seeks consent in online joining applications / PHOTO: SHUTTERSTOCK.COM
Gladstone already actively seeks consent in online joining applications / PHOTO: SHUTTERSTOCK.COM

Jon Johnston,

Managing director,

Matrix

Jon Johnston
Jon Johnston

Data security is an increasingly big issue. A lot of emphasis is placed on hacked data, but it’s also important for consumers to be protected from businesses trading in their data without adequate protection.

In terms of portability of data, it makes sense to me that a consumer will want to take their personal workout stats with them. A lot of consumer data is now shared between apps anyway – with consumer consent – so it’s natural to want to be able to port data between operators.

Some products are already independent of operators or equipment suppliers, like MyFitnessPal and Netpulse, so it can be relatively easy to move from one connected facility to another and keep continuity. Obviously some operators and suppliers are less open, but I don’t see data portability being a big problem.

"A lot of consumer data is shared between apps anyway, so it’s natural to want to port data between operators" - Jon Johnston

Ben Beevers,

Associate director ,

Everyone Active

Ben Beevers
Ben Beevers

The last five to 10 years have become increasingly data-intensive in delivering services to customers and understanding their behaviours and preferences. It allows us to communicate with them effectively and support their activity.

We work with a data consultancy to ensure our systems are robust and effective, and we’re well placed for these changes in legislation. We believe we already comply with the GDPR principles of transparency for the customer about processing and accountability of data controllers and processors. We have clear privacy policies, data collection statements and measures in place to protect customers’ data. We make these as accessible as possible and detail in simple terms how their data will be managed.

Perhaps the biggest challenges for our industry will lie in obtaining the ‘unambiguous consent’ that the new regulation requires. This could mean the industry gets better at communicating with customers by using less, but better targeted, interaction.

The requirement for data portability could be tricky for complex data. The measure is designed to help customers account-switch, but as there’s no obligation to provide the data in a consistent format, data from one gym provider may not be compatible with the systems of another.

WANT TO KNOW MORE?

For more information on the new data protection regulations, contact Nick White, partner at specialist sports law firm Couchmans LLP – www.couchmansllp.com

White advises sports personalities including Mo Farah, Sir Chris Hoy and Sir Clive Woodward, governing bodies including FIFA, the International Tennis Federation and Basketball England and brands such as Rapha and Skins. [email protected]

Sign up here to get HCM's weekly ezine and every issue of HCM magazine free on digital.
https://www.leisureopportunities.co.uk/images/491295_352051.jpg
Customers will soon be able to ask businesses to transfer their personal data to a competitor. Make sure you're ready for the new legislation
Tom Walker, Journalist, Leisure Media Nick White, Head of IP and digital, Couchmans LLP Tom Withers, Managing director, Gladstone Health and Leisure Jon Johnston, Managing director, Matrix Ben Beevers, Associate director, Everyone Active,Personal data, data, legislation, Couchmans, Nick White, Tom Withers, Gladstone, Ben Beevers, Everyone Active, Jon Johnston, Matrix, Tom Walker
HCM magazine
HCM People

Gunnar Peterson

Chief of athletics, F45
Choose consistent over perfect. That’s the long game. It’s never too late to pivot to that mindset
HCM magazine
What to do when your changing rooms need a refresh, but your budget is stretched? These specialists share their top tips for easy upgrades that won’t break the bank
HCM magazine
Fuel the debate about issues and opportunities across the industry. We’d love to hear from you – [email protected]
HCM Magazine
HCM People
We want to break America, get more funding and be the leaders in strength training
HCM Magazine
Annual report
In April, Deloitte and Europe Active published the ninth edition of their yearly European Health and Fitness Market Report, as Karsten Hollasch explains
HCM Magazine
Editor's letter
Having a portfolio of more than 1,000 health club locations is the aim of ambitious operators, with this elite category growing fast, creating new dynamics in the market
HCM Magazine
Sponsored
Yate Leisure is one of the largest sites in Circadian Trust’s portfolio, with around 4,000 members. Ben Beasley, director of commercial development, explains why they were an early adopter of Technogym Biocircuit, and how the offer has evolved
HCM Magazine
Interview
The fitness sector has an unprecedented opportunity to become a credible partner in ensuring the health and wellbeing of the nation, says Mosaic Group MD and new chair of the UK Active Membership Council. He talks to Kate Cracknell
HCM Magazine
Supplier showcase
Pulse Fitness and Bolsover District Council have been collaborating for many years to deliver dedicated community activity spaces
HCM Magazine
HCM People
We’ve set ourselves the initial goal of developing 100 Feel Electric sites, using a cluster model
HCM Magazine
Latest News
A young girl has died following an incident at the David Lloyd gym at Capability ...
Latest News
New fitness franchise, Circuit Society, has signed its first London location in Bayswater. The 3,000sq ...
Latest News
Active Nottingham, part of Nottingham City Council, has released a children’s book called Can We ...
Latest News
The new £42m Moorways Sports Village will open its doors to the public on Saturday ...
Latest News
Fitness industry veteran Harm Tegelaars has returned to the fitness industry by joining the board ...
Latest News
Planet Fitness saw its Q1 2022 revenue increase by 66.9 per cent (to US$186.7m) on ...
Latest News
Sport England and UK Active have signed a five-year partnership agreement which will see the ...
Latest News
Planet Fitness is offering high-school students free access to any of its 2,200 locations in ...
Featured supplier news
Featured supplier news: ACTIV partners with Fisikal to deliver custom branded member experience
ACTIV, a gym chain in Riyadh, Saudi Arabia, which operates separate gyms for men and women, has partnered with digital management solution expert Fisikal to create a custom branded experience for its members.
Featured supplier news
Featured supplier news: Thousands flock to register for Elevate 2022 in London this summer
The health and fitness industry is eagerly awaiting the return of Elevate, which will take place on 15-16 June 2022 at ExCeL London.
Featured operator news
Featured operator news: Serco Leisure wins 10-year Mansfield contract
Following a competitive tendering process, Serco Leisure and its partner More Leisure Community Trust Limited (MLCT) have been awarded a 10-year contract by Mansfield District Council to operate three centres in the town, starting 1 May 2022.
Featured operator news
Featured operator news: New partnership delivers swimming support to children with disabilities
A new partnership has been launched to provide inclusive swimming for children with mobility, visual and hearing disabilities.
Video Gallery
Mindbody, Inc
Total Vibration Solutions / Floors 4 Gyms / TVS Sports Surfaces
Sport Alliance GmbH
Company profiles
Company profile: Safe Space Lockers
We provide a full turn-key solution for clients from design and consultation, through to bespoke ...
Company profiles
Company profile: TVS Group
TVS Group includes TVS Sports Surfaces, TVS Gym Flooring, TVS Play Surfaces and TVS Acoustics. ...
Supplier Showcases
Supplier showcase - Pulse Fitness: trusted partner
Catalogue Gallery
Click on a catalogue to view it online
Directory
Fitness equipment
A Panatta Sport Srl: Fitness equipment
Salt therapy products
Himalayan Source: Salt therapy products
Whole body cryotherapy
Zimmer MedizinSysteme GmbH / icelab: Whole body cryotherapy
Wearable technology solutions
MyZone: Wearable technology solutions
Flooring
Total Vibration Solutions / TVS Sports Surfaces: Flooring
Spa software
SpaBooker: Spa software
On demand
Fitness On Demand: On demand
Management software
Premier Software Solutions: Management software
trade associations
International SPA Association - iSPA: trade associations
Lockers/interior design
Crown Sports Lockers: Lockers/interior design
Property & Tenders
Pendine Sands, Carmarthenshire
Carmarthenshire County Council
Property & Tenders
Runcorn
Halton Borough Council
Property & Tenders
Diary dates
15-16 Jun 2022
ExCeL London, London, United Kingdom
Diary dates
30-30 Jun 2022
The ICC, Birmingham, Birmingham , United Kingdom
Diary dates
12-13 Sep 2022
Wyndham Lake Buena Vista Disney Springs® Resort, Lake Buena Vista, United States
Diary dates
25-28 Oct 2022
Messe Stuttgart, Germany
Diary dates
25-28 Oct 2022
Ibiza, Ibiza, Spain
Diary dates
01-07 Dec 2022
tbc, Dunedin, New Zealand
Diary dates
17-18 Mar 2023
Tobacco Dock, London, United Kingdom
Diary dates

features

Customer data: The right to be forgotten

From 2018, individuals will be able to tell their gym to hand their personal data directly to a competitor’s club, without storage of that data. Tom Walker secures a free legal briefing on this change in law

By Tom Walker, Leisure Media | Published in Health Club Management 2016 issue 5
Consumers are already used to being able to take their personal workout data with them / shutterstock
Consumers are already used to being able to take their personal workout data with them / shutterstock

New data protection rules, introduced by the European Commission and coming into force in 2018, could have a big impact on health and fitness businesses.

One of the key items in the regulations involves the transferring of personal, portable data. It stipulates that individuals have the right to have their personal data transferred from one business to another on request, and without storage/processing.

In practice, this means that a health club user who has given over personal information can have that data wholly and safely transferred to a new health club on their request.

We speak to data and sports law firm Couchmans, as well as health and fitness industry experts, on the potential effects of the new legislation.

THE LEGAL BRIEFING

Nick White
Nick White
Nick White,

Head of IP and digital,

Couchmans LLP


With smart technology on the rise, many businesses, including gyms and leisure facilities, are now harvesting vast quantities of data from customers – something that can benefit both customers and businesses. However, new European data protection rules could potentially necessitate a wholesale review of data policies.

In December 2015, the European Parliament, Commission and Council announced new legislation governing data protection. This new General Data Protection Regulation (or GDPR), replaces the outdated data protection laws that have been in place since 1995 and, from 2018, will apply to all businesses that process in any way the data of EU citizens.

Data portability
One of the key elements of the new rules is the right of ‘data portability’. Essentially, this means individuals will have the right – albeit a limited right – to require a business to transfer personal data directly to another business, even where that other business is a competitor.

Gyms, for example, hold individual details such as name, address, contact details, date of birth and bank details. They might also hold data on customers’ weight, height and limited medical information, and possibly even details of the kinds of activity they want to do or the results they want to achieve. The gym may hold other data too, including dates and times of all the customer’s visits and, potentially, detailed exercise plans produced with a PT.

All of this is personal data – but, importantly, not all of it is portable data in the legal sense. Any data not actually provided by the individual to the gym – which would potentially include any exercise plans and usage logs – would be exempt from the portability rule. It will, however, still be covered by the less potent ‘right of access’, which will only require the operator to provide the data to the customer, on request, in electronic format – without the obligation to provide the data direct to another business.

So, the customer’s right to data portability only applies to data that he or she has actually provided to the data controller – in this case the gym.

The customer will have the right to demand that this data be transmitted directly to another operator should they decide to switch gyms.

The legislation does provide that this obligation will only be imposed where such transmissions are ‘technically feasible’, but what this will mean in practice is far from clear at present. The guidance on this should be forthcoming.

New technology
The GDPR also requires a privacy impact assessment (PIA) to be carried out where the introduction of a new process or technology is likely to cause a high risk to personal rights or freedoms. As more fitness operators introduce wearables and other connected devices, they will have to consider carefully whether they first need to conduct a PIA.

The key message for gyms and leisure facilities is that they must endeavour to understand the types of personal data they process, and what regulations currently, and will shortly, apply. There’s no need to worry unduly but, as 2018’s implementation date draws closer, operators should begin to plan now.

"Gyms must endeavour to understand the types of personal data they process, and what regulations apply"

WHAT DOES THIS MEAN FOR GYMS?

Tom Withers
Tom Withers
Tom Withers ,

Managing director ,

Gladstone Health and Leisure


This new legislation is not unexpected. In today’s digital age, consumers are increasingly dependent on their data being passed seamlessly from one business to another, in everything from utilities to banking.

The GDPR extends beyond data portability; it also enshrines the customer’s right to be forgotten. In future, when businesses ask people to share personal details, there will be new rules for obtaining valid consent that will require simple wording and an expiry date. Neither silence nor inactivity will be construed as consent. Depending on the volume of data held, it may be necessary for a company to employ a data protection officer. Clearly, the implications are far-reaching.

At Gladstone, we’re more prepared than most. Data in our membership management systems can already be purged for customers who are no longer active. Consent is actively sought in online joining applications. Bank details can be removed automatically as part of an automated cancellation process. And we already have tools that allow data to be called securely from a database in order to be transferred to a third party.  

Of note on the issue of portability is the proviso that portability should be provided where it is ‘technically feasible’. Gladstone can call and receive data, but transferring it to other businesses would require other systems to be capable of doing the same, and to share a common leisure industry framework. We’re confident that we’ll be able to leverage our software to meet the requirements of the regulations.

"Transferring data to other businesses will require a common leisure industry framework"

Gladstone already actively seeks consent in online joining applications / PHOTO: SHUTTERSTOCK.COM
Gladstone already actively seeks consent in online joining applications / PHOTO: SHUTTERSTOCK.COM

Jon Johnston,

Managing director,

Matrix

Jon Johnston
Jon Johnston

Data security is an increasingly big issue. A lot of emphasis is placed on hacked data, but it’s also important for consumers to be protected from businesses trading in their data without adequate protection.

In terms of portability of data, it makes sense to me that a consumer will want to take their personal workout stats with them. A lot of consumer data is now shared between apps anyway – with consumer consent – so it’s natural to want to be able to port data between operators.

Some products are already independent of operators or equipment suppliers, like MyFitnessPal and Netpulse, so it can be relatively easy to move from one connected facility to another and keep continuity. Obviously some operators and suppliers are less open, but I don’t see data portability being a big problem.

"A lot of consumer data is shared between apps anyway, so it’s natural to want to port data between operators" - Jon Johnston

Ben Beevers,

Associate director ,

Everyone Active

Ben Beevers
Ben Beevers

The last five to 10 years have become increasingly data-intensive in delivering services to customers and understanding their behaviours and preferences. It allows us to communicate with them effectively and support their activity.

We work with a data consultancy to ensure our systems are robust and effective, and we’re well placed for these changes in legislation. We believe we already comply with the GDPR principles of transparency for the customer about processing and accountability of data controllers and processors. We have clear privacy policies, data collection statements and measures in place to protect customers’ data. We make these as accessible as possible and detail in simple terms how their data will be managed.

Perhaps the biggest challenges for our industry will lie in obtaining the ‘unambiguous consent’ that the new regulation requires. This could mean the industry gets better at communicating with customers by using less, but better targeted, interaction.

The requirement for data portability could be tricky for complex data. The measure is designed to help customers account-switch, but as there’s no obligation to provide the data in a consistent format, data from one gym provider may not be compatible with the systems of another.

WANT TO KNOW MORE?

For more information on the new data protection regulations, contact Nick White, partner at specialist sports law firm Couchmans LLP – www.couchmansllp.com

White advises sports personalities including Mo Farah, Sir Chris Hoy and Sir Clive Woodward, governing bodies including FIFA, the International Tennis Federation and Basketball England and brands such as Rapha and Skins. [email protected]

Sign up here to get HCM's weekly ezine and every issue of HCM magazine free on digital.
https://www.leisureopportunities.co.uk/images/491295_352051.jpg
Customers will soon be able to ask businesses to transfer their personal data to a competitor. Make sure you're ready for the new legislation
Tom Walker, Journalist, Leisure Media Nick White, Head of IP and digital, Couchmans LLP Tom Withers, Managing director, Gladstone Health and Leisure Jon Johnston, Managing director, Matrix Ben Beevers, Associate director, Everyone Active,Personal data, data, legislation, Couchmans, Nick White, Tom Withers, Gladstone, Ben Beevers, Everyone Active, Jon Johnston, Matrix, Tom Walker
Latest News
A young girl has died following an incident at the David Lloyd gym at Capability ...
Latest News
New fitness franchise, Circuit Society, has signed its first London location in Bayswater. The 3,000sq ...
Latest News
Active Nottingham, part of Nottingham City Council, has released a children’s book called Can We ...
Latest News
The new £42m Moorways Sports Village will open its doors to the public on Saturday ...
Latest News
Fitness industry veteran Harm Tegelaars has returned to the fitness industry by joining the board ...
Latest News
Planet Fitness saw its Q1 2022 revenue increase by 66.9 per cent (to US$186.7m) on ...
Latest News
Sport England and UK Active have signed a five-year partnership agreement which will see the ...
Latest News
Planet Fitness is offering high-school students free access to any of its 2,200 locations in ...
Latest News
How can organisations, including health club and leisure businesses, decarbonise, generate clean energy and harness ...
Latest News
Being physically active can counter the damage of diabetes by enabling the activation of a ...
Latest News
Altis, an artificial intelligence-based personal trainer solution, has secured more than US$3m worth of financing, ...
Featured supplier news
Featured supplier news: ACTIV partners with Fisikal to deliver custom branded member experience
ACTIV, a gym chain in Riyadh, Saudi Arabia, which operates separate gyms for men and women, has partnered with digital management solution expert Fisikal to create a custom branded experience for its members.
Featured supplier news
Featured supplier news: Thousands flock to register for Elevate 2022 in London this summer
The health and fitness industry is eagerly awaiting the return of Elevate, which will take place on 15-16 June 2022 at ExCeL London.
Featured operator news
Featured operator news: Serco Leisure wins 10-year Mansfield contract
Following a competitive tendering process, Serco Leisure and its partner More Leisure Community Trust Limited (MLCT) have been awarded a 10-year contract by Mansfield District Council to operate three centres in the town, starting 1 May 2022.
Featured operator news
Featured operator news: New partnership delivers swimming support to children with disabilities
A new partnership has been launched to provide inclusive swimming for children with mobility, visual and hearing disabilities.
Video Gallery
Mindbody, Inc
Total Vibration Solutions / Floors 4 Gyms / TVS Sports Surfaces
Sport Alliance GmbH
Company profiles
Company profile: Safe Space Lockers
We provide a full turn-key solution for clients from design and consultation, through to bespoke ...
Company profiles
Company profile: TVS Group
TVS Group includes TVS Sports Surfaces, TVS Gym Flooring, TVS Play Surfaces and TVS Acoustics. ...
Supplier Showcases
Supplier showcase - Pulse Fitness: trusted partner
Catalogue Gallery
Click on a catalogue to view it online
Directory
Fitness equipment
A Panatta Sport Srl: Fitness equipment
Salt therapy products
Himalayan Source: Salt therapy products
Whole body cryotherapy
Zimmer MedizinSysteme GmbH / icelab: Whole body cryotherapy
Wearable technology solutions
MyZone: Wearable technology solutions
Flooring
Total Vibration Solutions / TVS Sports Surfaces: Flooring
Spa software
SpaBooker: Spa software
On demand
Fitness On Demand: On demand
Management software
Premier Software Solutions: Management software
trade associations
International SPA Association - iSPA: trade associations
Lockers/interior design
Crown Sports Lockers: Lockers/interior design
Property & Tenders
Pendine Sands, Carmarthenshire
Carmarthenshire County Council
Property & Tenders
Runcorn
Halton Borough Council
Property & Tenders
Diary dates
15-16 Jun 2022
ExCeL London, London, United Kingdom
Diary dates
30-30 Jun 2022
The ICC, Birmingham, Birmingham , United Kingdom
Diary dates
12-13 Sep 2022
Wyndham Lake Buena Vista Disney Springs® Resort, Lake Buena Vista, United States
Diary dates
25-28 Oct 2022
Messe Stuttgart, Germany
Diary dates
25-28 Oct 2022
Ibiza, Ibiza, Spain
Diary dates
01-07 Dec 2022
tbc, Dunedin, New Zealand
Diary dates
17-18 Mar 2023
Tobacco Dock, London, United Kingdom
Diary dates
Search news, features & products:
Find a supplier:
Precor UK
Precor UK
Partner sites