Birdietime is compliant with the General Data Protection Regulation (GDPR). Using Birdietime makes you compliant as well.
The EU General Data Protection Regulation (GDPR) enters into force on May 25th, 2018. It is one of the most remarkable international privacy laws in decades. The important aim of the regulation is to improve individuals’ rights to control the use and processing of personal data, and to harmonise the rules within the European Union. Some have pushed the panic button on the new regulation but trust us, there’s no need to.
Birdietime is deeply committed to the new regulation. In addition to full compliance, it is important to us to help PGA Professionals and golf academies using Birdietime to comply with it, too.
For PGA Professionals, golf clubs, pro shops and golf academies (and others doing business with golfers) the biggest implication of GDPR is to realize that
- the regulation concerns you,
- you hold personal data of your customers (such as names, phone numbers and email) and
- you need to be mindful of the way in which you use the data.
If you would like to understand a bit more about GDPR in general, read the next chapter. Otherwise, you can just jump to the section on “What is Birdietime doing for you”.
The basics of GDPR
The GDPR is about privacy and protection of personal data. It will apply to any organisation processing personal data of EU citizens, regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organisation anywhere in the world. The GDPR also applies across all industries and sectors.
The GDPR makes the definition of personal data extremely broad. Personal data is any information relating to an identified or identifiable individual. That means information that could be used, on its own or in conjunction with other data, to identify an individual. A list of e-mails or customer names and phone numbers written into a paper calendar is all it takes to constitute personal data.
This means that at least a majority of the information that you collect about your customers (i.e. golfers) will be considered personal data under the GDPR. The regulation makes significant changes to, e.g., the grounds on which the keeping of a register is justified.
Not complying with the GDPR can result in gigantic financial penalties. Sanctions for non-compliance can be as high as 20 million euros or 4% of global annual turnover, whichever is higher.
Believe it or not, GDPR might also give you a competitive advantage! European law tends to set the trend for international privacy regulation, and increased privacy awareness now may give you a competitive advantage later. Our British clients may rest assured that they will remain GDPR compliant using Birdietime tools even after Brexit.
What are your responsibilities?
PGA Professionals, Golf Academies and Pro Shops using Birdietime are considered Data Controllers as they process personal information of their customers. Though that may sound complicated, fear not, as Birdietime helps you fulfill that role!
However, it is good to be aware of your responsibilities. Your role as a Data Controller means that you have the following responsibilities with regard to personal data:
- Define the purpose of your customer register (which in your case is arranging golf lessons and events).
- Process the personal data according to the purpose of the register (meaning you only use the customers’ data for golf and tuition related services).
- Make sure that the registered personal data will be processed according to the regulation by technical and administrative means (meaning you keep the data safe by e.g. making sure you keep your passwords to Birdietime Dashboard protected).
- Ensure your operations are transparent to the registered people, that the data is correct, and that its use is restricted.
- Provide your customer (if so requested in writing) access to the data you have, update it, and, if requested, delete the data.
What is Birdietime doing for you?
Birdietime is a relatively new service, and we have been mindful of the EU data protection regulations from day 1. We have taken several steps to ensure we are compliant with the GDPR regulations, and continue to take data protection issues seriously. The actions we’ve taken include (but are not limited to):
- We have created a specific Data Protection Policy that all customers using our system need to approve of.
- We have ensured that all our third-party service supply contracts meet the requirements of the GDPR and created a list of all our third-party service suppliers and their locations (available upon request).
- We ensure the safety of our customers’ – and our customers’ customers’ – data by complying with the best practices and standards of data protection and by continuously developing our readiness for constantly evolving safety protocols.
- We have analysed all of our current features and templates to determine whether any improvements or additions can be made to make them more efficient for you.
- We evaluate potential new GDPR-friendly features and templates to add to birdietime.com and Birdietime Dashboard.
Updates to Birdietime system
We continuously develop our system to better serve our customers, and to make sure the data is processed safely and lawfully also after May 25th, 2018. These tools will, above all, enhance the transparency of the data processing and ensure compliance with the other requirements of the regulation.
The following functionalities are at the heart of GDPR, and we continue to automate and improve them:
- Clear consents to ensure the rights of the registered person
- Monitoring and supervision of the consents given by the participants
- Search, edit and removal of data after a data request from a registered person
Here’s a summary of the privacy-related documents and links to where you can find them:
- Birdietime’s Data Protection Policy
Should you have very specific questions regarding the implications of GDPR to your operations, we suggest you seek out local legal advice.
Should you have any further questions regarding Birdietime and GDPR, do reach out to our Customer Support at firstname.lastname@example.org.