GDPR: A Gladstone Overview

General Data Protection Regulation 

NEW! Read this article if you want to get a brief understanding of GDPR regulations, how it will impact your leisure organisation, and what you can be thinking about now to ensure your organisation is ready in time for May 2018. 
#GladstoneGDPR

Review the Information Commissioners Office Blog posts to find out handy tips and information regarding GDPR.

New [23-05-2018] 

• For MobilePro customers, download new GDPR changes for MobilePro and Personal Information processed by MobilePro documentation.

• The GDPR Plus2 version is now available.  Hosted customers (only) can book their upgrade slot here, all on-premise customers who have ordered the upgrade should work with their Sales Manager and/or Project Manager to arrange the installation.
• Announcing partnership with ClearComm to provide organisational GDPR Compliance - learn more
• New ClearComm GDPR Business brief - download here
• Request a quotation for an upgrade
• Watch a 30 minute presentation on GDPR (from the Gladstone Summit).
• Download the Gladstone GDPR white paper 
• CBT Training and Release Notes are available for customers who have ordered the GDPR upgrade, contact your sales manager for access to these materials.

What is the General Data Protection Regulation (GDPR)?

The EU General Data Protection Regulations (GDPR) come into force 25th May, 2018, overhauling the data protection regulations to meet the needs of the digital world. 

GDPR maintains the same data protection principles as the Data Protection Act, but brings in higher standards for fairness, lawfulness and transparency, purpose limitation, data minimisation, data quality, security and integrity. Accountability is key; requiring companies to demonstrate that they comply with the principles across their business. 

The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. 

Why do we need these revised regulations?

Due to the growth of the internet and changes in behavioural advertising and social media, personal data is now being used in ways that were not envisaged at the time the current EU Directive was drafted making it not fit for purpose. There is a public led, political impetus for stronger data protection resulting in the need for GDPR. 

What is Gladstone doing to keep pace with GDPR changes?

Gladstone has already made a commitment to our customers that we will help them meet the requirements of this legislation ahead of May 2018.

As part of this work, we are building and releasing new versions of our products that are being built according to the ‘Privacy by Design’ principle enabling our customers to fulfil their duties in adhering to EU GDPR. These proposed changes will be reviewed with a specialist GDPR lawyer, to ensure correct and complete interpretation of the law.

At this stage our expectation is that the majority of Gladstone modules and products will need to be changed to align with the GDPR legislation - facilitating our customers’ ability to be compliant with the GDPR. As our review progresses, we will advise the schedule for software updates, also whether there are any areas that do not require updates.

Work starts in Gladstone R&D mid August 2017 and new versions of products should be ready to be deployed to our customers around December 2017. Please note that all product modifications will be made to the general release version of the software only.

We advise customers on legacy versions of our products to therefore start planning upgrades in conjunction with your Gladstone Account Manager and Project Managers. Please note that some very old legacy versions may require an interim upgrade - for compatibility to upgrade to the latest GDPR ready versions when they are released.

Gladstone will be working closely with our hosted customers to ensure migration to the new GDPR ready versions, as well as making any necessary environmental changes within the hosted environment to facilitate GDPR regulatory guidance.

All Gladstone customers will have the option to upgrade to GDPR ready versions by May 2018 to fulfill their duties in adhering to EU GDPR. 

What our customers need to do?

Customers should review all existing processes in place within their organisations that relate to the storage and use of casual and member data. In particular, consider areas relating to:

• Consent – it should be possible to trace and identify what an individual has consented to, as well as the time and method of consent. This consent could cover joining information, health data, and marketing preferences. It should also be possible for a member to change preferences or withdraw consent easily.
• Security of data – Gladstone customers using PIN and password should consider moving to secure passwords.
• Capture of childrens’ data - the GDPR states that parental/guardian consent for access to online services is required for children – in the UK <13 years old. This means that as an operator, you need to consider how you are currently targeting memberships or activities for children – are the children being targeted to sign up or the parents?
• Archiving and deletion of end customer data – it is worth re-examining both the length of time you need to retain casual and member data and the way that you store this.
• Analytics, anonymization, and profiling - cookies should be treated as personal data and require consent – cookies set for different purposes may need separate consent. For your own websites, consider whether you have cookie consent exemption, automatic anonymization of visitor id, respect for DoNotTrack preferences, and opt-in/out on any privacy policy pages.

Reviewing your own processes is time consuming and complex, for this reason, Gladstone encourages its customers to seek qualified GDPR legal advice to ensure compliance with the GDPR.

It should be emphasised that Gladstone software alone cannot make an operator compliant as the regulation applies to all processes and practices performed by operators. However, we aim to ensure that by upgrading to our latest GDPR ready versions; will enable customers to build compliant practices within their organisations more easily to fulfil the main areas covered by the legislation.

Additional resources from the Information Commissioners Office:

• Interim Gladstone product feature update list - download
• Watch the 30 minute GDPR session from the Gladstone Summit on YouTube - here
• Request a quotation for a GDPR ready upgrade to your Gladstone portfolio - here
• An Overview of GDPR
• Getting ready for GDPR
• A data protection self assessment tool kit

And finally,

Gladstone recognise that communication is going to be key over the next 10 months to allow us to keep you informed of progress.

Regular updates and articles will be posted through our Blog, where you can check back in your own time, leave comments and ask topical questions. For specific questions associated with your own installation environment please work with your account manager and/or support representative.

* * UPDATE: 31 August * * 

At Gladstone Software our research and development team is fully committed to making feature changes to our current product suite to assist you in becoming GDPR compliant. Development work has started in earnest for GDPR covering the area of the security of personal data. 

Gladstone is committed to shipping new products with security top of mind.  Our teams are using this development cycle to future proof security functionality across our platform.  As such, new releases will utilise the latest encryption methodologies together with enabling strong passwords at the outset.  Gladstone has always prided itself on delivering customer choice and will continue to enable customers to utilise their own preferred security settings, however Gladstone ship and deploy with security at the forefront. 

Product Update

• Plus2 updates to allow users to manage changes in consent regulations, the capture of personal data and children’s consent
• Further improvement to strong password functionality