What you should set up in your TCC to prepare for GDPR


What is GDPR?

GDPR stands for "The General Data Protection Regulation", a privacy law from the European Union that goes into effect May 25, 2018. Its goal is to protect the data privacy and security of all EU persons by setting a new data protection standard for businesses and governments.

GDPR requires data controllers and processors to implement both organizational and technical safeguards to ensure the rights and freedoms of data subjects are not compromised. If you're interested in the full GDPR regulation (88 pages), it's available here.
 

How To Use This Readiness Guide

We get that the GDPR is complex stuff. We've been preparing in an effort to make it an easier process for you as a Coaches Console user, adding features (some available now and some being released in the near future) along with templates to help you streamline your GDPR compliance as much as possible as it relates to using your Coaches Console System.

This guide is NOT the entirety of the GDPR articles or regulations. It's meant to make it easier to be GDPR-compliant as it relates to The Coaches Console System.

Our attorney says we now have to share the disclaimer, and it's a big one ;-)
 

Disclaimer

All information presented on this page is not legal advice.

While any templates provided were created with the specific needs of a Coach using TCC, you still need to customize them considering the way you run your business.

These guidelines and recommendations are related to your use of the Coaches Console. It's up to you to consider all the other systems and platforms you might use to store and process personal information.

The GDPR requirements presented here are the ones linked with your use of TCC and only a part of your responsibilities under the law.

 

GDPR Requirement

What you should do and how TCC helps

Right to be informed

You need to tell your prospects and clients what data you collect, how you safeguard it, how you process it and how long you will keep it for.

Publish a Privacy Policy on all pages of your website(s) where you collect personal information

In Coaches Console, you will find under Website > Pages a new Privacy Policy page that contains a template for you to review and customize (or replace with your own). Then "Publish" this page and a "Privacy Policy" link will automatically be displayed in the footer of your Coaches Console website.

Inform your current contacts about the Privacy Policy change and document. Use the new "Privacy Policy Update Email Template" now available through your Coaches Console. 

Available: 18th May

 

GDPR Requirement

What you should do and how TCC helps

Lawfulness of processing

In order to process personal information you need to have the legal grounds to do so.
Some of the legal grounds can be:

- Consent (the data subject has given explicit permission)

- Performance of contract (the processing is required to deliver goods and services purchased)

- Legitimate interest (explained here)

- Legal obligation (you are required by law)

Document your lawful basis of processing

In Coaches Console you can segment your Contacts into Groups to document which Lawful basis of processing you are using for each contact.

For example: Contacts that are opting in would fall under the Consent basis of processing. Clients that have ongoing agreements or have purchased products, packages or services from you would fall under the Performance of contract basis of processing.

You can also "Group" your contacts by "EU Contacts" and "Non-EU Contacts" or "Unknown Location of Contact" to better segment your list in order to know what type of consent you must acquire.

Update existing contacts and assign them to the appropriate Groups based on location.

Create a process to perform "list hygiene" and remove EU Contacts for whom you no longer have consent or a lawful basis to process their data.

Already Available

 

GDPR Requirement

What you should do and how TCC helps

Consent

The GDPR is stricter about how people opt in and how consent is given.

Because consent must be specific and unambiguous, someone downloading a lead magnet from you does not equate to consent to be added to your general email list.

- Consent is clear, freely given and explicit (no pre-checked boxes or buried under terms and conditions).

- Contacts can withdraw consent easily and unsubscribe.

- Consent should be unbundled so people can consent separately to different purposes and types of processing.

Read more here

Refresh your consent

If you have contacts where Consent would be the only available legal ground of processing, you would need to get new consent to make sure it's up to GDPR standards.

In TCC you can use the "Re-engagement Campaign" Template to send to your list (or parts of it) asking them to Opt-in again in order to continue receiving emails from you.

Already Available 

Update your Opt-in forms to be compliant

Check that the language on your opt-in page(s) is clear and that there is a link to your Privacy Policy.

Using the "Consent Checkbox Feature" on your Custom Opt In Form in your Console System, give the contact the option to provide explicit consent prior to submitting personal data.

Add multiple Consent Checkboxes as needed so contacts can give granular consent.

Available: 23rd May

Document consent

While TCC stores the contacts and the fact that they opted in on a certain form, you might need to take a screenshot of how the opt-in process and language look (especially because you might alter or delete the specific opt-in page in the future). This will allow you to prove what the contact consented to at the time of their opt-in.

 

GDPR Requirement

What you should do and how TCC helps

Data Subject Rights

 

Object to processing

Erasure

Correction

Restriction

Request access

Portability of data

Withdraw consent

Provide a way for people to ask for their rights and respond to them in a timely manner

When you inform contacts of their rights (e.g., through the Privacy Policy Update email template) you would also inform them how to contact you to exercise those rights. You would have to create a process to make sure you are responding to all requests within 30 days.

How TCC helps:

Within the Right to Withdraw Consent, your contact/client can manage their subscription settings when they wish to unsubscribe. They can selectively choose what they do or do not wish to receive from you.

Delete contact - this function will be updated so you can erase personal data/anonymize contacts while also keeping some information you would need, like invoices or appointment hours for certification.

Your clients can already update their personal information themselves by logging into their account.

Request access/Portability of data* - we are in the process of implementing a function to export all data stored in your Coaches Console system.

*Available in early June

 

GDPR Requirement

What you should do and how TCC helps

International data transfers

 

If personal information is transferred outside the EU then appropriate safeguards need to be in place.

Review all the systems and platforms that you use and make sure that, if they transfer data outside the EU, the required safeguards are in place.

To fulfill this obligation we will add Standard data protection clauses in the form of template transfer clauses adopted by the European Commission. These are commonly referred to as "EU Model Clauses" and they will be available for you to review and accept under your My Account section in TCC.

Available on 23rd May

 

 
