2018 májusában életbe lépett az új adatvédelmi törvény, amely a coach szakma számára is adott feladatokat. Az ICF Magyar Tagozata, az MCSZ-szel együttműködve szervezett workshopot a témában, amelynek előadásait a tagok számára elérhetővé tettünk.
Az ICF Global, a GDPR kapcsán megfogalmazta ajánlásait, és azt is szabályozta, hogy a minősítési folyamatokban hogyan változtat az adatvédelmi előírásoknak megfelelően. Erről itt található a dokumentum, amelyet az ICF tagok meg is kaptak.
Azonban egy-két témakör kapcsán Kákonyi Anett akkredticiós igazgatónk kérdéseket tett fel az ICF nemzetközi szervezetének.
A kéréseket és válaszokat itt most közzétesszük, a pontosítás lényege tehát:
1. az eddigi gyakorlattól eltérően az ICF nem kéri a coach minősítési eljárás során az ügyfelekről készített "naplót". Azonban ez nem jelenti azt, hogy nem is kell vezetni. Szükséges, de azt a jövőben az ICF "szúrópróba szerűen" fogja kérni és vizsgálni.
2. az ICF azokat a jelentkezőket, minősítést kérőkat, akik nem a valóságnak megfelelő adatokat adnak meg, akár 5 évre is kizárhatja a szervezetből, és a minősítési eljárásból.
A kérdések és válaszok, szerkesztés nélkül:
As you note below, credentialing candidates are no longer required to provide the ICF with a client log when submitting their application, as the transfer of the log could put client data at risk and may present a violation of GDPR. Rather, we now ask candidates a number of questions in the application about their client coaching experience, including asking candidates to verify they have completed the required number of hours of client coaching experience with the required number of clients. Applicants are also required to provide a signature verifying they understand they could be audited as part of the process, and that they understand providing inaccurate or fraudulent information in the application could result in the denial and/or revocation of a credential for up to 5 years.
How the audit will look like? What will you check? How often the audit will take place?
- ICF will not share the details of the internal audit process with the larger public as this is confidential; if one is selected for an audit, more information will be available at that time.
-Verify the coaches client hours and accuracy of their log.
-Random but in general the number of audits conducted will likely drastically increase.
The audit process that we have in place is GDPR compliant and will not require candidates to provide client data directly to the ICF. Rather, ICF will randomly select a percentage of credentialing candidates monthly to be audited and the ICF Credentialing team will contact selected candidates and provide them with detailed instructions to complete the audit process. Coach candidates will then disseminate audit information to their clients; responses provided by clients verifying the coaching hours received from the candidate will be sent directly to the ICF. If a candidate provides confidential, internal coaching within an organization, an authorized point of contact within that organization may verify the coaching hours the candidate provided to individual clients within the organization.
Through the audit process, ICF will verify the client, total hours of coaching provided by the credential candidate to the client, and the nature of coaching (paid vs. pro bono, individual vs. group, etc.).
How long coaches should keep clients’ personal data? Is it possible that you go back to 8 years and asks to show the clients’ data?
- We have always encouraged our Credentialed-Holders to have a robust policy that requires permission from each client to ‘Opt-in’ and explain that you are requesting their data to submit to ICF for credentialing purposes. It should outline how long you plan to keep/store their records and how long ICF keeps their records, etc... (which is outlined in the announcement e.g. Per GDPR we keep applications info for six (6) months after award of credential).
-According to GDPR; entities may keep data for a ‘reasonable time period’(and no longer) if there is a ‘business need’. An ICF Credential in our eyes would indeed be a ‘business need’ and with that said the coach just needs to outline in a transparent manner, how long they will keep their client data (and also outline what constitutes as client data) + ensure they also note ICF’s record retention in that policy.
We encourage credential candidates to maintain client records in a secure manner that complies with all relevant data security and privacy laws in their jurisdiction, including GDPR. Coaches should receive client consent to collect and maintain their clients’ data. If a credential candidate is selected for audit, ICF will request verification of the number of client coaching hours required for the credential level for which they are applying. As such, coaches should maintain basic client data (name, contact, number of coaching hours) as long as they plan to pursue an ICF credential.
How will you be sure about that the data in the applications are correct?
Applicants have some concerns about that some people might provide false information in the application form. How should I ensure them that it is a trusted process?
-Via the audit process, as mentioned in the credentialing update “If an audit reveals that a coach has provided inaccurate or fraudulent information regarding their coaching experience, they may be subject to denial and/or revocation of their ICF Credential and may be prohibited from reapplying for an ICF Credential for up to five (5) years.”
-The ICF takes very seriously the credentialing application process and has developed steps to ensure the integrity of the process, including the client coaching experience audit process. Individuals who are found to have provided false or fraudulent information in the audit process will be subject to sanctions including the denial and/or revocation of an ICF credential for up to 5 years.