How will the new data protection laws affect client data and recorded sessions?

Posted on: 15 May 2018

Next month, ReciproCoach is hosting another series of Recorded Sessions Rounds (register here by June 24) but before you jump in and register, you may need to consider the new General Data Protection Regulation laws which come into effect in Europe on May 25.

In fact, whether you’re registered for a Recorded Sessions Round or not, and even if you’re not located in Europe, you may need to comply the new data protection laws:

“businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU” (Privacy Business Resource 21: Australian businesses and the EU General Data Protection Regulation)

What’s more, compliance will affect your management of personal data (past, present and future) relating to your clients, including personal information, session notes and session recordings – in short, it affects ‘any information relating to an identified or identifiable natural person’ (Article 4 EU GDPR “Definitions”).

As the EMCC explains:

The obvious kinds of information this relates to is name, address, email address, financial information, contact information, identification numbers, etc.

It can also mean things like an IP address, geolocation, browsing history, cookies, or other digital identifiers.

It also could mean information about a person, including their physical, mental, social, economic or cultural identities.

In short, if information can be traced back to or related in some way to an identifiable person, then it is highly likely to be personal data. You can find out more about the GDPR here.

The Association for Coaching comprehensively explains the new rules and what they mean for coaches, touching on everything from “the data you keep, consent to legitimate interest, changes to consent, the right to object, the right to erasure, the right to rectification and documentation”.

Suffice to say, in your relations with ReciproCoach, and as per the EMCC International Newsflash, you will have the following rights:

  • Right of access: You can ask for a copy of the personal data retained about you and an explanation of how it is being used.
  • Right to rectification: You have the right to correct, revise or remove any of the personal data retained about you at any time.
  • Right to be forgotten: You can ask to delete your personal data.
  • Right to restrict processing: You may request limited use of your personal data.
  • Right of portability: You will receive any personal data in a structured, commonly used and machine-readable format.
  • Right to object: If you no longer wish to allow your personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, you may opt out of use of your data for these purposes.

We have updated our terms and conditions accordingly and the next time you register for a ReciproCoach event, you will also find an updated set of terms and conditions for participation.

The changes relating to data protection, although European, provide an insight into current standards in professional management of data. We therefore encourage all ReciproCoaches to adopt such practices for data protection, regardless of whether you work with European residents or not.

Written by Kerryn Griffiths, PhD, PCC and Global ReciproCoach Coordinator