Sponsored briefing: Legend - Data Matters

With the new General Data Protection Regulation (GDPR) on the horizon, Paul Simpson, chief operating officer of Legend Club Management Systems, explains why it’s vital operators take action on how they store and secure all member data

Published in Health Club Management 2017 issue 11
New laws about how you hold your data come into effect in 2018 and demand attention now to avoid regulatory fines / PHOTO: SHUTTERSTOCK.COM
Leisure and gym operators are custodians of a huge volume of detailed personal information on members, making our industry not only a soft target, but also an attractive one - Paul Simpson

Rarely a week goes by without news of a data security breach hitting the headlines, with issues such as the global WannaCry ransomware attack – which crippled parts of the NHS – and our own industry-specific PayAsUGym attack in December 2016 heightening fears for the wider industry.

Unfortunately, this increased awareness isn’t leading to action to improve matters. Furthermore, ignorance about basic data security principles and obligations is placing the industry at significant risk of everything from accidental misadventure to financial fraud, with the repercussions ranging from regulatory fines and brand damage to business failure.

Data vulnerability
Leisure and gym operators are custodians of a huge volume of detailed personal information about members and customers, making our industry not only a soft target, but also an attractive one.
To safeguard valuable information, think about your data assets. What information do you hold on your customers? Where is it stored? Is it up to date? Is it still required? Is it digital, or are paper records still in use? Are your employees accessing information via their own mobile devices?

Data breaches occur in many forms, including password theft, physical attacks and the biggest threat of all – user error.

Common user error breaches include obvious examples, such as incorrect handling of credit card data, and less obvious examples, such as paper-based customer information being stored in unlocked filing cabinets.

Routine tasks undertaken by front-of-house staff are often carried out without data safeguards in place, and in many cases too little staff training is provided on data security protocols and their importance, leaving operators vulnerable.

This situation is complicated by the nature of the industry. For example, staff turnover makes it challenging to ensure training is given to all staff who are handling customer data. The result is inadequate security, which jeopardises both the customer and the operator.

Better Guidance
In our unregulated industry there has historically been little or no guidance provided to staff regarding the safeguarding of information.

In addition, although existing legislation and standards – such as the Data Protection Act (DPA) and the Payment Card Industry Data Security Standard (PCI DSS) – require adherence to very specific data security processes and policies, many in the industry would be hard pressed to demonstrate compliance, leaving them in a highly vulnerable position.

The situation will become even more challenging in May 2018, when the EU’s new General Data Protection Regulation (GDPR) comes into effect, bringing with it higher penalties and even more stringent requirements regarding information security, as well as the need to inform any individual affected by a data breach within 72 hours.

In short, GDPR demands the attention of all businesses and operators who hold customer data of any kind.

Business Implications
The UK Payment Card Industry Security Standards Council (PCI SSC) has warned that UK businesses could face up to £122bn in penalties for data breaches when the GDPR comes into effect. It has also stated that fines are likely to be dwarfed by the reputational damage incurred by data breaches.

If customers lose confidence in an establishment’s ability to safeguard personal data, then the online portals and payment processes that have streamlined our businesses so effectively over recent years will be put at risk.

Creating a New Ethos: Confidentiality, Availability & Integrity
So now is the time to take action. Only by considering every piece of information in line with three guiding principles – confidentiality, availability and integrity – can you begin to protect your data.

• Confidentiality
Assurance of data privacy is achieved by ensuring it’s only accessed by authorised individuals and that excellent access controls and good internal processes are in place for the use of paper-based documentation.

• Availability
This demands that data is available whenever it’s needed – a ransomware attack, for example, denies this.

• Integrity
Achieving data integrity is all about ensuring it’s accurate and up to date.

There are two areas of GDPR where focus is needed. One is consent, which imposes robust criteria on you to obtain permission from individuals for the processing of their data. The second is data retention, and the individual’s ‘right to be forgotten’.

These two areas need careful assessment to ensure there’s a clear case for holding data for specific time periods and that consent has been given to do so.
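One way to turn the data-asset questions above and the consent and retention checks into a repeatable audit, as an added example that is not part of the article or of Legend's software. The record layout, the data categories and the retention periods are hypothetical placeholders; real periods come from your own documented lawful basis and retention policy.

```python
"""Consent and retention audit over a member data inventory (added example)."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

# Hypothetical retention policy: days a category may be kept after the
# member's last activity. These numbers are placeholders, not guidance.
RETENTION_DAYS = {
    "membership": 2 * 365,   # contract and billing history
    "marketing": 365,        # email/SMS preferences
    "health": 180,           # health questionnaire answers
}

@dataclass
class Finding:
    member_id: str
    category: str
    reason: str
    action: str

def audit_record(rec: dict, today: date) -> list[Finding]:
    """Check one member record (constructed layout, see SAMPLE_RECORDS)
    against erasure requests, recorded consent and retention periods."""
    findings: list[Finding] = []
    age = (today - rec["last_activity"]).days
    for category in rec["data"]:
        # Right to be forgotten: an erasure request takes priority; keeping a
        # category after one needs a documented legal reason.
        if rec.get("erasure_requested"):
            findings.append(Finding(rec["id"], category,
                            "erasure requested by data subject", "erase"))
            continue
        # Consent must be recorded for every category actually processed.
        if not rec["consent"].get(category, False):
            findings.append(Finding(rec["id"], category,
                            "no recorded consent", "stop processing / re-consent"))
        # Retention: either a period exists and is respected, or the case for
        # holding the data longer is written down.
        limit = RETENTION_DAYS.get(category)
        if limit is None:
            findings.append(Finding(rec["id"], category,
                            "category has no retention period", "define period"))
        elif age > limit:
            findings.append(Finding(rec["id"], category,
                            f"held {age} days, limit {limit}", "erase or justify"))
    return findings

def audit_inventory(records: list[dict], today: date) -> list[Finding]:
    """Run audit_record over the whole inventory and flatten the findings."""
    return [f for rec in records for f in audit_record(rec, today)]

# Constructed sample inventory: one compliant record, one stale record
# holding a category without consent, and one open erasure request.
SAMPLE_TODAY = date(2018, 5, 25)
SAMPLE_RECORDS = [
    {"id": "M001", "last_activity": date(2018, 5, 1), "erasure_requested": False,
     "consent": {"membership": True, "marketing": True},
     "data": {"membership": "...", "marketing": "..."}},
    {"id": "M002", "last_activity": date(2015, 1, 10), "erasure_requested": False,
     "consent": {"membership": True},
     "data": {"membership": "...", "health": "..."}},
    {"id": "M003", "last_activity": date(2018, 4, 1), "erasure_requested": True,
     "consent": {"membership": True},
     "data": {"membership": "..."}},
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_RECORDS, SAMPLE_TODAY):
        print(f"{f.member_id} {f.category:<11} {f.reason:<34} -> {f.action}")
```

Paper records fit the same inventory if each filing cabinet or form type is entered as a record with its own category and last-activity date.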

Next steps
The coming of the GDPR is a real opportunity for leisure and health and fitness businesses to embrace the chance to make huge improvements to the way their extremely valuable data is stored and handled.

It's also the time to expand the current view of information beyond that which is held electronically to include all information assets in the business, both digital and paper-based. Finally, it's time to embed best practice into all daily operations. This includes improving physical infrastructure and creating a robust, ethical security culture that protects customer data for the long term.

To learn more about how Legend has helped its customers get ready for the arrival of the fast-approaching GDPR legislation, please visit our website at: www.legendware.co.uk/accreditations

Paul Simpson

Paul Simpson, Legend’s chief operating officer, is responsible for Legend’s ISO27001 Information Security Management accreditation.

Simpson makes his expertise available to those who have industry GDPR/information security concerns. He can be contacted at: [email protected]
