GDPR – 4 letters that can make your teeth rattle if you have been paying attention. What seems to be a noble idea – protecting personal data of your clients – can have hefty consequences if these data are compromised under your watch.

What you can do to protect your clients’ personal data and your own finances.

The Health Coaching BizSHIFT Season 1 was a summit held from 01 March to 05 March 2021. But what is this GDPR? How does it even work? Does it apply to me as a life or health coach? Jo Brianti, a certified Data Protection Officer gave us the scoop on GDPR requirements for health and life coaches during this summit.

What is GDPR anyway?

GDPR (General Data Protection Regulation) is a set of EU regulations that all businesses are required to follow, without exception.

Personal data has become a major factor in today’s digitally oriented world. The GDPR aims to prevent unsafe practices and protect you from exposing your clients’ or suppliers’ data.

While you can treat your own data that is not linked to your clients as you please, client and supplier data has to be handled in a manner that meets GDPR requirements.


What exactly is personal data?

Personal data is any data that identifies a living individual. This can be any combination of details such as name, surname, email address, financial data, etc.

Even though you might not mention an individual by name, any descriptive data that makes it obvious who is being referred to is personal data. For instance, making reference to an artist client battling addiction who is performing at the local theatre tonight is personal data.

The personal data of clients and other stakeholders should always be protected. 

As an example, make sure your payment system offers maximum protection. To be safe, go with specialist third party gateways such as PayPal. This helps you minimize the risk of compromising your clients’ credit card and financial details.

Not complying with GDPR requirements

Companies that don’t comply with GDPR requirements can be fined up to 4% of their global revenue, or up to 20 million Euros.

These measures are generally designed for extreme data breaches by international conglomerates.

“If you are a single operator running a small business that turns over 100,000 Euros per year, there’s no way you are going to face a 20 million Euro fine.”

While compliance is mandatory, there’s also the concept of appropriateness. What is appropriate for a large international company like LinkedIn is not necessarily what will be appropriate for a small life coaching consultancy.

Data breaches and other incidents that endanger client data are likely to happen at some point in your business. Often this will be the result of events beyond your control.

Hackers will always exist. There’s always the chance you or someone in your organization will forget a laptop in a bus. Your offices might be robbed one day.

These are all events that will put your clients’ data at risk.

GDPR compliance is about ensuring that, should such unforeseen incidents happen, you’ve already taken steps to minimize the damage.

It is better to focus on measures that protect your data should a hard drive get stolen than to worry about penalties. The measures you took to minimize the damage will be taken into account by the relevant authorities.

GDPR requirements, mailing lists and lead magnets

When choosing a new mailing list service or CRM system, always read its privacy policy. Find out where exactly it stores its clients’ data, and what data security protocols the company has in place.

There are two legal bases you can use when signing people to your mailing list.

Legitimate interest

You can put people who have a legitimate interest in your business on the mailing list. This can be customers, clients, and business partners. However, legitimate interest is something that needs to be monitored on a regular basis. 

If someone stopped using your service six months ago, or their purchase was a one-off, do they still have a legitimate interest in your business? That’s why you need to regularly check and update your mailing list.

Consent

Consent is the principle that governs how you deal with people who signed up to your mailing list from your website. This is extremely relevant if you are using lead magnets to attract subscribers.

The cornerstone of this principle is that you need to give people the ability to get the lead magnet without forcing them to sign up to your mailing list. The best way of dealing with this is to invite people to sign up to your mailing list on the lead magnet download page.

If they don’t agree to be on your mailing list, then you should not send them marketing materials.

So is the mailing list dead?

You can’t make people subscribe just because they want the lead magnet. They could even grab your precious freebie, and merrily be on their way without signing up.

So is the mailing list as we know it dead?

No. You simply need to work on making sure there’s actual value in whatever content you’ll be sending subscribers. Gone are the days of freebie blackmail.

This, believe it or not, is actually to your advantage.

Only people really interested in your services are going to subscribe to your mailing list. You’re not going to be spending money to maintain thousands of email addresses, when only a third of those actually open your messages.

Take it for the win it is.

Making sure my tools meet GDPR requirements

Many companies host their data in the EU. To ensure you are GDPR compliant, start by investigating whether the company you intend to use is one of them. This can be as simple as requesting the information from the organization.

Services such as Microsoft 365 use geolocation, which means your data is stored on the server nearest to your location.

Many international conglomerates publish a privacy policy on their websites. This document is in fact a requirement. It stipulates how data is handled and where it’s stored, among other details. Check it out.

It’s good to read the privacy policy of any tech service or product you are buying for your business. Things to look for include:

  • Security protocols.
  • People and organisations with access to your data.
  • What international security standards are followed?

If the answers about how the company stores data don’t satisfy you, there are two ways of mitigating the risk:

  • Having up-to-date virus and malware protection.
  • Encrypting your data.

If you are in doubt about your service provider’s GDPR compliance status, or if they store data outside the EU, you will have to inform your clients.

Just like you expect Microsoft to tell you where they store your data, you owe your own clients the same. Tell them who stores their data, who has access to it, and where exactly it’s stored.

If you’re using third party service providers, such as PayPal or MailChimp, link your clients to those companies’ privacy statements.

How to get started

Start by creating a table or spreadsheet. List each service provider you use for storing data, and what kind of data it is. You can then note the data policy of that organization next to it.

Make sure any data you personally handle on your hard drive is encrypted.

Download encryption software from your phone’s app store to protect sensitive data such as contacts on your device.

GDPR requirements for health and life coaches – Key Takeaways

  • GDPR is compulsory.
  • You should focus more on preventing data breaches than on worrying about penalties.
  • Give people the option of getting your lead magnet without subscribing to your list.
  • Regularly audit your mailing list.
  • Try to only use companies with EU facilities to protect your data.

GDPR compliant email marketing

We know this can be a lot to chew on. That’s why Jo is offering a free download containing GDPR compliance tips for marketers.

The PDF touches on issues such as:

  • Managing your mailing list
  • Cookies
  • Events
  • Consequences of not meeting GDPR requirements

About Jo

Jo Brianti

Jo is an expert in helping businesses to streamline and simplify their processes, specialising in CRM and email marketing. She uses her wealth of experience to advise on the right tools and systems to achieve company goals in a GDPR compliant way.

Jo’s background is in technology; she began her career as a technical Project Manager for huge organisations like TUI and Transport for London. Jo also qualified as a Project Manager and recently achieved the C-DPO Data Protection Officer Certification.

In 2015, Jo founded JLB Business Consulting, focusing on helping small companies understand and then select the right systems for their data and marketing needs. Her clients benefit from her vast knowledge of systems and her ability to bring large scale business analysis to small scale companies. 

Category: Communication – Health Coaching BizSHIFT – Marketing – Strategy

Posted on: April 26th, 2022

Photo via canva.com
