When the EU adopted the General Data Protection Regulation (GDPR) in 2016, with enforcement beginning in May 2018, the mandates were more than just a wake-up call for U.S. businesses – they were a clear sign that precise and secure management of customer data is absolutely essential for organizations, regardless of size or geographic location.
But as the regulatory net tightens, attackers continue to breach organizations at unprecedented levels. In its 2019 report, Risk Based Security, a risk-mitigation firm based in Richmond, VA, reported that 7.9 billion consumer records had been exposed during the first nine months of the year.
Because of reinforced regulations and an increase in data breaches, we have seen sports and fitness clubs, studios, and facilities begin addressing their own privacy policies and those related to personal data collection, and start adopting powerful practices to ensure member and client safety and security.
Key Ways for Sports and Fitness Businesses to Keep Members Secure
1. Implement Informed Security Measures
Ensure your staff, or “front line”, is armed with the knowledge needed to protect against attacks on data security. One big threat to businesses of every size is email phishing, which attempts to induce recipients to share personal details such as passwords or credit card numbers.
“Most of us use the same password for everything,” says Mike Rucker, VP of Technology at Active Wellness. “Once someone has it, they have the keys to an employee’s kingdom and, unfortunately, our kingdom. So ongoing education is critical. One of the best ways to protect an organization is through continued education, so staff are vigilant and comply with safe practices.”
Carefully implemented security measures designed to guard against data breaches are critical, as are protocols to quickly notify customers, partners and the authorities in the event a breach does occur. GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach, and notifying affected individuals without undue delay when the breach is likely to result in a high risk to them. Have documented, regularly tested procedures for handling a breach, including who decides that an incident is a notifiable breach and who contacts whom.
2. Audit Your Member Data Action Plan
Where does your membership data come from, and what do you do with it? You must be able to identify how you obtain data, where it resides, for how long, and who can access it. Keep in mind that the GDPR’s “right to be forgotten” (the right to erasure) appeals to many consumers. How long do you keep data on former members, and can you actually delete it from every system and backup that holds a copy? Now is the time to revisit your policies.
3. Position Your Company as Privacy-Forward
Each data breach heightens public awareness, reminding consumers that businesses have more data than most of us realize, and when not properly managed, their information is on the line.
To comply with the spirit of GDPR, studios and gyms are encouraged to implement voluntary measures to manage PII (Personally Identifiable Information). Note that GDPR itself uses the broader term “personal data”, which covers any information relating to an identifiable person, including identifiers such as IP addresses and membership numbers. Consider creating guidelines that ensure PII is encrypted at rest and in transit, that your payment systems are resistant to attack, and that your employees follow policies that mitigate risk.
Once these guidelines are implemented, informing your customers of your commitment to their privacy can be a brand-enhancing strategy.
4. Choose Your Partners Carefully
Under GDPR, your company remains responsible for personal data it hands to third-party processors: you may use only processors that provide sufficient guarantees, a written contract governing the processing is required, and a processor’s breach is still your breach to report. Scrutinize your vendors and work only with those who are as serious about security as you are. This is especially important when it comes to payment management. From ACH and Apple Pay to Google Pay and UP Payments, there are more options than ever for merchants offering POS and online transactions – and at the same time, more pressure than ever to make paying as easy and convenient for customers as possible.
Ensure Security Within Your Sports + Fitness Software
Ensuring the security of your operations software is the crucial first step to being able to manage the security of your data, especially when it comes to taking payments.
Built into Upper Hand’s sports and fitness software is UP Payments, a fully integrated payment solution that enables transactions online and across the app, and allows robust financial reporting.
This means businesses can accept payment from anywhere – including mobile checkout for members who need to pay on the go – from almost any form of payment (multiple currencies are supported). And most importantly, fraud management, encryption and compliance, and chargeback management are all included in UP Payments. As a partner with Paysafe, the global leader in universal payments, Upper Hand clients can rely on those safe payments, and so can their customers.
As your members become aware of how GDPR is increasing requirements for consumer privacy, now is the time to review how your facility and fitness software handles PII, payment processing and other data.