What is GDPR?
How To Use This Readiness Guide
DisclaimerAll information presented on this page is not legal advice. While any templates provided were created with the specific needs of a Coach using TCC, you still need to customize them considering the way you run your business. These guidelines and recommendations are related to your use of the Coaches Console. It's up to you to consider all the other systems and platforms you might use to store and process personal information. The GDPR requirements presented here are the ones linked with your use of TCC and only a part of your responsibilities under the law. |
GDPR Requirement |
What you should do and how TCC helps |
Right to be informed You need to tell your prospects and clients what data you collect, how you safeguard it, how you process it and how long you will keep it for. |
Publish a Privacy Policy on all pages of your website(s) where you collect personal information In Coaches Console, you will find under Website > Pages a new Privacy Policy page that contains a template for you to review and customize (or replace with your own). Then "Publish" this page and a "Privacy Policy" link will automatically be displayed in the footer of your Coaches Console website. Inform your current contacts about the Privacy Policy change and document. Use the new "Privacy Policy Update Email Template" now available through your Coaches Console.Available: 18th May |
GDPR Requirement |
What you should do and how TCC helps |
Lawfulness of processing In order to process personal information you need to have the legal grounds to do so. - Consent (the data subject has given explicit permission) - Performance of contract - Legitimate interest (explained here) - Legal obligation (you are required by law) |
Document your lawful basis of processing In Coaches Console you can segment your Contacts into Groups to document which Lawful basis of processing you are using for each contact. For example: Contacts that are opting in would fall under the Consent basis of processing. Clients that have ongoing agreements or have purchased products, packages or services from you, would fall under the Performance of contract basis or processing. You can also "Group" your contacts by "EU Contacts" and "Non-EU Contacts" or "Unknown Location of Contact" to better segment your list in order to know what type of consent you must acquire. Update existing contacts and assign them to the appropriate Groups based on location. Create a process to preform "list hygiene" and remove EU Contacts where you no longer have consent from or lawful basis to process their data. Already Available |
GDPR Requirement |
What you should do and how TCC helps |
Consent The GDPR is more strict about the way people would opt-in and the way consent is given. Because consent must be specific and unambiguous, someone downloading a lead magnet from you does not equate to consent to be added to your general email list. - Consent is clear, freely given and explicit (no pre-checked boxes or buried under terms and conditions). - Contacts can withdraw consent easily and unsubscribe. - Consent should be unbundled so people can consent separately to different purposes and types of processing. Read more here |
Refresh your consent If you have contacts where Consent would be the only available legal ground of processing you would need to get new consent to make sure it's up to GDPR standards. In TCC you can use the "Re-engagement Campaign" Template to send to your list (or parts of it) asking them to Opt-in again in order to continue receiving emails from you. Update your Opt-in forms to be compliant Check that language on your opt in page(s) is clear and that there is a link to your Privacy Policy. Using the "Consent Checkbox Feature" on your Custom Opt In Form in your Console System, provide the option for the contact to provide explicit consent prior to submitting personal data. Add multiple Consent Checkboxes as needed for additional consent to provide granular consent. Available: 23rd May Document consent |
GDPR Requirement |
What you should do and how TCC helps |
Data Subject Rights
Object to processing Erasure Correction Restriction Request access Portability of data Withdraw consent |
Provide a way for people to ask for their rights and respond to them in a timely manner When you inform contacts of their rights (e.g.: through the Privacy Policy Update email template) you would also inform them on how to communicate with you to ask for their rights. You would have to create a process to make sure you are responding to all requests within 30 days. How TCC helps: Within the Right to Withdraw Consent, your contact/client can manage their subscription settings when they wish to unsubscribe. They can selectively choose what they do or do not wish to receive from you. Delete contact - this function will be updated so you can erase personal data/anonymize contacts while also keeping some information you would need like invoices or appointments hours for certification. Your clients can already update their personal information themselves by logging into their account. Request access/Portability of data* - we are in the process of implementing a function to export all data stored in your Coaches Console system. *Available in early June |
GDPR Requirement |
What you should do and how TCC helps |
International data transfers
If personal information is transferred outside the EU then appropriate safeguards need |
Review all your systems and platforms that you use and make sure that, if they transfer data outside the EU, the required safeguards are in place To fulfill this obligation we will add Standard data protection clauses in the form of template transfer clauses adopted by the European Commission. These are commonly referred to as "EU Model Clauses" and they will be available for you to review and accept under your My Account section in TCC. Available on 23rd May |
Comments