The CoachAccountable Blog



CoachAccountable and the GDPR

If you’re a coach in the European Union, you’ve probably already heard of the GDPR.

If you’re not, you’ve probably seen numerous relics of the GDPR over the last few weeks, namely in the form of emails from websites you use announcing a change in their Privacy Policies.

What’s it all about?  It’s the EU’s very-soon-to-be-in-effect General Data Protection Regulation.

It’s a good bit of law, I think!  Oh sure, it’s caused its share of grousing and griping among businesses for how much work it’s entailed as everyone wades through legalese and policy in order to get compliant (myself included!).  But I view it as a step in the right direction for end users to have greater control over their data and privacy.

Basically, it demands of companies that they don’t do terrible things with individuals’ data, and that all usage of such data must be documented and above board.  Companies must get explicit consent to use someone’s data for a given purpose, and that consent can’t be buried in a huge pile of indecipherable legalese.  End users must have some real control over their data, including the ability to delete it.

As an individual, this sounds good to me.

As a company, CoachAccountable has never had any business trafficking in user data in unexpected or vaguely nefarious ways.  And our in-app “Delete” buttons really do delete data (much to the chagrin of the occasional coach who accidentally deleted an entire client record!).  So our compliance is largely a matter of paperwork: basically to document and agree to be legally bound to the very practices we’ve always adhered to.

What this means for CoachAccountable customers

First off, our privacy policy has been updated, much like the policies of everyone else.  I encourage you to check it out: like most privacy policies, it’s largely boring, BUT I’ve been happy to lay out clearly what data we collect and what exactly we use it for (and why).  Part of this updated policy is that CoachAccountable is registered and listed with Privacy Shield, which is basically a fancy way of saying “we actually mean everything we say in this policy, AND we’re in legal trouble if we don’t hold true to it”.

Yep, we attest that we really mean what we say in our privacy policy.

In other words, the privacy policy isn’t just flowery language. :)

Second, for our customers who work with anyone in the EU: by setting those clients up within your CoachAccountable account, the GDPR applies to you.  Part of that applying to you is that you need to verify that any partner involved in processing your data is ALSO above board when it comes to the GDPR regulations.

In this case, that’s CoachAccountable!  You need to verify that CA is handling your EU citizen personal data in accordance with the law, so that your handling of that data [by way of CoachAccountable] is in compliance with the law.

To allow you to do this, we’ve got a Data Processor Agreement (DPA) available for you to agree to.  The DPA essentially states that you (as controller of your client data) and CoachAccountable (as processor of that data) mutually agree to handle that data appropriately and in compliance with the GDPR; that we’ve each got our part to play for the lawful handling of data; and that we each take responsibility to do so.

If the GDPR applies to you (i.e. if you work with and/or collect personal data on any citizen of the EU), you’ll want to enter into the CoachAccountable Data Processor Agreement right away.  You’ll find the place to do so when logged in (provided you’re a coach and owner of the account) under My Account >> Data Processor Agreement.

Give it a read, and click the button–good to go!

And that’s about it: an updated privacy policy and a DPA for you to agree to if you need it.

What if I’m not in the European Union?

If you coach anyone in the EU (or ever will) this still applies to you.  But if you don’t, then this very well might not mean anything to you.  One caveat to that, though: the GDPR mandates certain rights for citizens in the EU, as laid out in the privacy policy.  I’m happy to say that when it comes to CoachAccountable, these rights apply to everyone worldwide, and not just EU citizens.

GDPR looks to be a great way to better balance the rights of individuals against the companies they do business with.  There’s some work for those of us who handle the data of those individuals in order to reach compliance, but it’s reasonable and worthwhile.  We’ve done our best to make it as easy as possible for coaches to be compliant in their handling of data with CoachAccountable!