Logo for Institute of Coaching Studies with teal and grey text next to a graphic of five coloured circles connected by lines, resembling a molecular structure.
Book a call

GDPR Consent For Coaches: What You Need From Every Client

A person holds a smartphone displaying an online form titled "Let's Start" with fields for company name and location.

One of the most common questions we hear from coaches in our training programmes is about GDPR consent. The regulations can feel overwhelming, particularly when you’re trying to focus on building your coaching practice rather than navigating legal complexities.

The reality is that as a coach, you’re processing personal data every time you work with a client. From their contact details to the intimate details they share in sessions, you need a clear understanding of when and how to obtain proper consent.

In this article, we will explore the specific consent requirements under GDPR for coaches, what constitutes valid consent, how to document it properly, and when you might rely on other lawful bases for processing client data.

Understanding GDPR Consent For Coaches

Consent under GDPR is defined as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Let’s break down what this means in practical coaching terms:

  • Freely given: Your client must have a real choice. They can’t feel pressured or coerced into giving consent
  • Specific: Consent must be given for particular purposes, not just general data processing
  • Informed: Clients must understand what they’re consenting to
  • Unambiguous: There should be no doubt about whether consent has been given

The key here is to remember that pre-ticked boxes, silence, or inactivity don’t constitute valid consent.

When Do You Need Consent From Coaching Clients?

As a coach, you’ll typically need GDPR consent for several specific activities:

During the initial enquiry process:

  • Storing contact details from potential clients
  • Following up on coaching enquiries
  • Sending information about your services

Throughout the coaching relationship:

  • Recording session notes that contain personal details
  • Sending coaching resources or homework
  • Storing payment information (though this often falls under contract necessity)

For marketing and communication:

  • Adding clients to your newsletter
  • Using testimonials or case studies
  • Following up after the coaching engagement ends

The most important thing to understand is that you need separate consent for each different purpose. You can’t use a single blanket consent for all your data processing activities.

Valid Consent Requirements in Coaching

For your consent to be legally valid under GDPR, it must meet specific criteria that go beyond a simple “I agree” checkbox.

Clear and plain language is essential. Avoid legal jargon or complex coaching terminology that might confuse your client. Instead of “I consent to the processing of my personal data for coaching-related activities,” try “I agree that you can store my contact details and session notes to provide coaching services.”

Separate consents for different purposes ensure compliance and build trust. You might structure this as:

  • “I agree that you can store my contact details to schedule and follow up on coaching sessions”
  • “I agree to receive your monthly newsletter with coaching tips and resources”
  • “I agree that you can use my feedback as a testimonial (anonymised) on your website”

Easy withdrawal must be possible. Make it as simple for clients to withdraw consent as it was to give it. This means including clear instructions in all your communications about how to unsubscribe or withdraw specific consents.

How To Document GDPR Consent

Proper documentation protects both you and your client. You need to be able to prove that consent was given, when it was given, and what it covered.

Create a consent record that includes:

  • What the client consented to
  • When consent was given
  • How consent was given
  • Any relevant information provided to the client

Use clear consent mechanisms in your client onboarding process. A simple consent form might include something like this:

Data Processing Consent

□ I consent to [Coach Name] storing my contact details (name, email, phone) to provide coaching services and schedule sessions.

□ I consent to [Coach Name] keeping confidential notes from our coaching sessions to track progress and prepare for future sessions.

□ I consent to receiving monthly newsletters with coaching resources and tips. I understand I can unsubscribe at any time.

Name: _________________ Date: _________ Signature: _________________

Keep records accessible but secure. You should be able to quickly show a client what they’ve consented to if they ask, but the information must be protected from unauthorised access.

When Other Lawful Bases Apply

Here’s where many coaches get confused: consent isn’t always the most appropriate lawful basis for processing client data. GDPR provides six lawful bases, and legitimate interests or contract might actually be more suitable for many coaching activities.

Contract necessity applies when data processing is essential for fulfilling your coaching agreement. This typically covers:

  • Basic contact information needed to deliver coaching sessions
  • Payment processing and invoicing
  • Session scheduling and rescheduling

Legitimate interests might apply for:

  • Keeping basic records for professional insurance purposes
  • Following up with past clients about additional services (with easy opt-out)
  • Processing testimonials where you have a legitimate business interest

The key here is to assess each type of data processing separately. You might use contract necessity for session delivery, consent for newsletters, and legitimate interests for professional development follow-ups.

Practical Consent Management For Coaches

Managing GDPR consent doesn’t have to be complicated, but it does need to be systematic.

Start with your client onboarding process. This is when you’ll gather most consents, so make it comprehensive but not overwhelming. We recommend a simple two-page document: one page covering your coaching agreement (including data processing necessary for the contract), and another covering optional consents.

Regular consent reviews ensure you’re not holding onto consents longer than necessary. Set a calendar reminder to review client consents annually. If someone hasn’t engaged with your newsletter for two years, it might be time to seek fresh consent or remove them from your list.

Clear communication throughout the relationship maintains trust. When you’re about to use client data in a new way, check if you have appropriate consent. If you want to share a client success story in a workshop, ask specific permission even if you plan to anonymise it.

Common Consent Mistakes Coaches Make

We see coaches making the same GDPR consent mistakes repeatedly. Here are the most important ones to avoid:

Assuming consent lasts forever. Even valid consent can expire, particularly for marketing activities. If someone consented to your newsletter three years ago but hasn’t engaged since, you should consider seeking fresh consent.

Using implied consent. “If you don’t want to receive our newsletter, please let us know” isn’t valid consent under GDPR. Consent must be a positive action.

Bundling too much together. Requiring newsletter consent to access coaching services isn’t freely given consent. Keep necessary processing separate from optional marketing communications.

Poor withdrawal processes. If someone has to email you personally to unsubscribe from your newsletter, that’s not compliant. Make withdrawal as easy as giving consent.

Your GDPR Consent Checklist

Before you start working with any new coaching client, make sure you can answer yes to these questions:

  • Have I clearly explained what personal data I’ll be processing and why?
  • Have I obtained separate consent for each different purpose?
  • Is my consent request specific, informed, and unambiguous?
  • Can clients easily withdraw consent for each purpose?
  • Am I using the most appropriate lawful basis (consent, contract, or legitimate interests)?
  • Do I have proper documentation of when and how consent was given?

Remember, GDPR compliance isn’t just about avoiding penalties—it’s about building trust with your clients by being transparent about how you handle their personal information.

The regulations might seem complex, but the underlying principle is simple: respect your clients’ personal data and give them control over how it’s used. That’s something every professional coach should embrace, regardless of legal requirements.

__

Photo credit: Duncan Meyer on Unsplash

RELATED POSTS