A Simple Guide to Risk Management for Gyms and Health Clubs - Powered by
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
A Simple Guide to
Risk Management
for Gyms and Health Clubs
Powered by
Contents
Welcome.................................................................. 3 Paper
Introduction............................................................ 5 Health and safety policy..................................... 34
Accident reporting (including RIDDOR).......... 35
The Four Ps of Risk Management Risk assessments.................................................. 38
People Record keeping..................................................... 40
Induction training 10 Practical Measures
First aid 11 Unstaffed gyms and 24-hour gyms................. 44
Employment disputes............................................ 14 Children in gyms.................................................. 46
Instructors and personal trainers (freelance Outdoor activities................................................ 47
and employees)....................................................... 16
Swimming pools and wet areas......................... 49
Premises
Sunbeds.................................................................. 52
Maintenance of equipment.................................. 19
Beauty treatments................................................ 54
Maintenance of buildings and amenities.......... 20
Bacterial and viral infection control at gyms.. 55
Signage..................................................................... 22
Top 10 tips for gym operators.......................... 58
Fire safety – life safety.......................................... 23
The 7 Ps For Reopening Your Gym................. 60
Fire safety – property protection and business
continuity................................................................... 25 Links and further reading................................... 64
Business continuity planning............................... 27 Addendum
Data protection, cyber security and social Post COVID-19 reopening of gyms and
media........................................................................ 28 health clubs........................................................... 59
1
Welcome
Partners&
A strategic partner with ukactive, Partners& is a leading PLAN DO
insurance adviser to the fitness industry. We have over Our aim is to create the best advisory business in the UK,
twenty years’ experience in supporting the health and characterised by…
fitness sector across the UK with risk management and
ACT CHECK • People who stand shoulder to shoulder with you
insurance advice.
Not surprisingly, we have encountered the extremes • Advice that makes a difference
of good practice and bad practice. One of our main It is an HSE requirement to have the appropriate level of
• Outcomes that shape your future
aims in producing this guide is to share our knowledge competence in health and safety. This can be provided
and experience for the benefit of gym and health internally or externally and there is encouragement from
club operators HSE to consult with health and safety representatives in
good time. While you can opt to use internal resource, Get in touch with us at
Today, anyone responsible for running a gym or health Partners&
we believe operators should also consider the use of
club needs to be fully aware of the challenges facing
a specialist health and safety consultant, ideally with t +44 (0) 3300 940177
them. Demanding statutory obligations, as well as the
experience of working with gyms and health clubs. As
possibility of claims and allegations of negligence in e hello@partnersand.com
well as keeping you updated on important issues and
this highly litigious society, mean it’s imperative that w partnersand.com
changes in law and regulation, external providers also
operators remain legally compliant and implement
provide hands-on assistance with health and safety
suitable and sufficient risk control measures.
planning, implementation, testing and auditing. We Connect with us on:
Through this guide, we will aim to help operators identify can introduce you to our partners in this field; good
many of the main risks they face. It highlights the key risk management contributes positively towards claims
points to consider, giving practical advice and sharing frequency and supports sustainable insurance rates.
best practice on how to manage these risks. The Health
The Partners& holistic approach to risk takes a wide-
and Safety Executive’s (HSE) strategy ‘Managing for
angle view, embracing operational risk, ever-evolving
health and safety’ prescribes a structure called Plan,
cyber risk and “people risk”, helping to keep employees
Do, Check, Act (PDCA); guidance is on the HSE website
healthy, engaged and motivated, and protecting the
www.hse.gov.uk/. For simplicity in this guide, we break
interests of shareholders and business owners.
it all down into our Four Ps of Risk Management (People,
Premises, Paper and Practical Measures). Paper and We hope that this guide will be a convenient and
Practical Measures). practical reference point and that our advice enables
you to navigate the multiple and complex risks in your Partners& is the trading style of J N Dobbin Limited and F & N Reading Limited who are
Whilst we don’t go into great detail on individual authorised and regulated by the Financial Conduct Authority. Registered in England and Wales.
business. If you’d like advice on anything specific, please
subjects, we have provided many references and links to No 00497227 and No. 08087666. Registered office: Partners&, MRIB House, 25 Amersham
contact us directly. Hill, High Wycombe, Buckinghamshire, HP13 6NU. Tel +44 (0) 1494 450011.
organisations, books and websites so that you can access
much more specialist information. The Partners& Team
3
Introduction
The number of people participating in some form of daily The exponential growth in the market in recent years Our experience of dealing with claims in the health and ‘A simple guide to risk management for gyms and health
activity, sport or recreation has increased significantly has invariably resulted in an increase in accident claims fitness sector highlights the most common cause of clubs’ sets out in plain language a process to help
in recent years, recognising the benefits of improving against the operators of these facilities. Insurance accidents which lead to personal injury claims is slips, operators to identify, prioritise and take proportionate
the health of the nation through promoting more active claims highlight a disproportionate increase in both the trips, and falls. These can occur in the shower and action to remove, reduce or transfer those risks that
lifestyles. Getting more people more active more often frequency and severity of accidents and injuries occurring changing areas, in car parks, in studios, on stairs and on threaten the wellbeing of the facility. Achieving this
has resulted in an increase in the number of gyms and and it’s important to address the causes of these trends. the gym floor (particularly the free weights area). will ultimately produce a better, more enjoyable
fitness facilities throughout the UK, now circa 5,000. Whilst the temptation might be to focus on what are experience and a safer environment for members and
There has also been a move to make these facilities considered the unusual or perceived high-risk activities, Some of these accidents are preventable, but many of employees. This guide is aimed at all stakeholders
available to members 24 hours per day; a feature which, the facts show that the majority of accidents are from them are not, and therefore having the right procedures involved in the management and operation of gym
while providing ultimate flexibility and accessibility, mundane everyday gym usage. For every 600 near in place to defend a claim and be compliant with health and health club facilities. It is not intended to be a
can present some unique risks that require careful misses, there is likely to be one fatality and ten major and safety regulations are essential. The sections on H&S prescriptive blueprint for all, recognising that each
consideration and appropriate management controls. accidents. Reducing near misses will also reduce the risk policy, record keeping, risk assessments, signage and facility is unique, and management should adapt the
of fatality or major injury. accident reporting are all relevant to this. guidance to suit their individual operation. It is the
responsibility of management to decide the methods
of the risk management process appropriate for their
The other common causes of claims are as follows facility, ensuring the assessment (“Plan” stage) and
implementation (“Do” stage) involves input from all staff,
• Faulty or poorly maintained equipment not just those at supervisory and management level.
• Negligent instruction or inadequate training/ Experience shows that implementing a robust risk
induction management system can help reduce the incidence of
• User error (a claim can still be valid if the operator accidents and injuries. It can also result in a safer working
has not taken the right measures) environment and better member experience, improve
the quality and service of your proposition, helping to
• Ineffective or poor management controls attract and retain members, and may help obtain more
comprehensive insurance cover at agreeable terms with
insurers.
In this guide, we examine some of the key issues of risk
(Four Ps of Risk Management) and where appropriate,
provide guidance, advice, and good practice on specific
issues.
6
The Four Ps of Risk Management
Induction training
Key points for consideration: Lack of induction training is one of the most common
reasons insurers are unable to defend claims in cases
• Member T&Cs should contain the requirement for where the cause appears to be user error. Personal injury
the completion of a health questionnaire and/or solicitors can cite lack of training as the reason behind
health waiver. Members should complete this on the accident occurring and, unless the gym operator
joining and review it annually can prove that adequate training was provided, the
• Every member must be offered an induction by an claim is unlikely to be settled. Such a situation can be
experienced, qualified member of staff. Consider galling for gym owners, but it is the reality in the current
People
incentive techniques to improve uptake legal environment.
• In the event of a member refusing to undertake To protect against the risk, you should ideally provide
induction, they should sign a document to confirm induction training to every member and then record it.
they have been offered training and have opted not We understand, however, that it is not always practical,
to undertake the induction. You should maintain and particularly when experienced gym users are joining,
records for at least three years they may refuse induction training. When this occurs,
it is important to obtain confirmation in writing that the
• Where appropriate, induction training should also member has been offered but refuses the induction
include procedures and safety protocols for use training. We have developed the induction training
whilst the gym is unstaffed waiver for this precise situation.
• You should keep records of induction training for at
least three years to refer to in the event of a claim Claim example
• Advise users to ask for advice when using any A member suffered an injury to his back whilst using
unfamiliar equipment the lat-pull-down machine. His appointed solicitor later
• Signposts displayed throughout the facility can be claimed the club was responsible for the damages as no
useful to inform, instruct and instil collaboration induction training had been provided. The operator had
between staff and members offered induction training but the member had refused
on the grounds that he was an experienced gym user.
There was, however, no record of this exchange and the
solicitors defending the club had to accept liability.
The importance of recording induction training and
obtaining a signature from the member cannot be
underestimated.
10
First aid
Key points for consideration: of injury is to the public. Therefore, considerations
need to be wider than the legislation, fulfilling the
• Assess your first aid requirements based on the organisation’s general duty of care.
number of employees, the number of members and
the nature of your activities Having trained first aiders on staff is an important
consideration. Clearly, first aiders can provide
• Further guidance on first aid is on on the an invaluable service if a serious injury occurs.
HSE’s website www.hse.gov.uk/firstaid Furthermore, having trained first aiders demonstrates a
commitment to having the right measures in place and
• As a minimum to meet the regulations you will need: will help defend any claims where it is alleged that first
aid provision is inadequate.
1. A fully stocked first aid kit
There are three main recognised standards of normal
2. An appointed person responsible for first aid workplace first aid training:
arrangements
• an appointed persons course, where a first aider is
3. Information distributed to employees explaining not required
the arrangements (e.g. by putting up a notice)
• a one-day Emergency First Aid at Work course
• Seriously consider having a trained First Aider on site (EFAW) with a one-day refresher every three years
at all times
• a minimum three-day First Aid at Work Course
The Health and Safety (First Aid) Regulations 1981 state (FAW) with a two-day refresher every three years
that employers must provide:
With effect from 2013, the HSE no longer has a role
• adequate and appropriate equipment and facilities in approving training providers for any first aid courses.
First aid training can now be provided by:
• adequate numbers of suitable persons to administer
• Ofqual, SQA and the Welsh government accredited
first aid
training providers
• a responsible person to take charge when the
• Companies that operate under voluntary approval
designated first aider is absent schemes, for example, a trade or industry body with
quality assurance schemes accredited by a third
• information to all employees concerning the
party or a training provider that can demonstrate
arrangements for first aid
their competence to an employer by providing
There are no specific legal requirements to provide evidence that they meet the criteria set by HSE
first aid for non-employees, however a gym’s main risk • St John Ambulance, British Red Cross and St
Andrew’s First Aid
11
Defibrillators Employment disputes/disciplinary matters
Key points for consideration: The Citizens Advice Bureau provides a very
good guide to the basic rights of work at
• Clearly differentiate between employee and https://www.citizensadvice.org.uk/work/rights-at-
freelancer status work/#sec57006
• Your business should have a written employment (just replace “England” with your particular region).
contract
There is no doubt that defibrillators • Follow correct disciplinary and dismissal procedures if
it becomes necessary to let an employee go Insurance requirements
in gyms can save lives. • Employee statutory rights differ depending on: Most insurance policies also contain free-to-use legal
advice help lines, where you only have to pay for the
• Whether your business is based in England, cost of the call. If you subsequently choose to use
Northern Ireland, Scotland, or Wales the services of a solicitor, the cost will not be covered
When considering the use of defibrillators, operators should consider the following factors within their risk assessments: unless you have the appropriate insurance in place.
• The length of service that the employee has had
• User profile with the business It is not unusual for a legal expenses policy to contain a
• Accident history condition that you consult with the insurer before you
• Speed at which a defibrillator can be applied to a casualty (within five minutes) • The age of the employee, as different rights exist begin any employee dismissal proceedings. The insurer
• Current first aid equipment provision for children and young people will advise you on the correct procedure to follow
and hopefully avoid the inconvenience and cost of
If you choose to have defibrillators at your premises, it is important to consider the training for their use by employees • The status of the employee especially where attending a tribunal.
and the maintenance of the equipment. Where a defibrillator can be administered within five minutes, it can increase the they are freelance or an agency worker
chances of survival by up to 70%.
An issue may even arise pre-employment that could
lead to an employment dispute, for example, where a
prospective employee alleges discrimination.
A written employment contract detailing the
responsibilities of the employer and employee will
also be necessary, but the contract of employment
cannot take away an employee’s statutory rights.
Further guidance on employment is available at:
https://www.gov.uk/browse/employing-people
13 14
Fitness instructors and personal trainers
Employees, freelancers and subcontractors One point often causing confusion amongst operators
is the status of fitness instructors and personal trainers.
Key points for consideration: If in any doubt about the status of the instructors, the
checklist below may be useful. If any of the statements
• Clarify whether staff are directly employed or
apply, the law is likely to consider them employees:
subcontractors/freelance (even if trainers are not
PAYE, they may be considered employees) • The person is under direct supervision of the
gym operator
• If you are employing any staff, it is a legal
requirement to have employers’ liability insurance • The person receives their training from the
gym operator
• For all personal trainers and fitness instructors,
irrespective of status, it is important you check • The person receives payment for their work in
their competence to carry out the activities they the form of a wage (as opposed to invoicing for
are doing. You should check their qualifications and their services)
experience are appropriate, and ensure there is a
process to repeat this annually or as qualifications • There is a contract of employment in force (written
require renewal or otherwise)
• Check that any freelancers have adequate insurance. It is important to be aware that for employees you have
The limit of public liability should be at least equal a greater responsibility for their safety and the safety of
to your public liability limit to avoid any additional others arising from their actions (Vicarious Liability).
exposure. Ideally, you should keep on file a copy of
the insurance schedule and review it annually
Claim example
• Contracts are important to formalise the
arrangement and clarify the obligations A fitness instructor adjusted a bike before a Spin class.
The bike had not been properly set up and when the
• Consider the use of a specialist company to manage member injured their leg, a claim was brought. As the
these various issues in relation to freelance personal instructor was not properly insured, the gym operator’s
trainers insurers could not make a recovery. The claim
therefore sits with the operator and could impact on
their claim record and future premiums. In some cases,
this could also be a breach of policy conditions and an
insurer could refuse to provide an indemnity.
16
Premises
Maintenance and inspection of equipment Maintenance of buildings and amenities
Key points for consideration: In making inspections of equipment, pay particular Buildings deteriorate over time from general weathering • Blocked or damaged rainwater goods may result
attention to the fixed resistance equipment as the and wear and tear and can quickly become unattractive in damage to the building fabric or water ingress
• Carry out visual inspection of equipment daily cables do fray over time and need to be replaced and potentially unsafe. A regular programme of planned, which could result in temporary disruption to the
• If any equipment has an issue, withdraw it from use before they snap and cause injury. preventative maintenance will ensure the building business. Check rainwater goods regularly and
remains safe and ‘fit for purpose’. clean them at least annually - more regularly when
• Make sure equipment is serviced and maintained in Record keeping is key in this area and a note that daily necessary eg: when close to trees
accordance with manufacturer’s guidelines – ideally inspections have been conducted is essential. There Ensure there is always safe access to and egress from the
through a maintenance contract, though this is not are many ways you can do this, and it should fit in with property for members, employees and visitors, including • Any building erected or refurbished prior to
essential. Those carrying out the inspection regimes other systems and procedures. We do, however, have a taking account of people with disabilities. 2000 may contain asbestos and you should
must be competent to do so daily check sheet available if you need it. therefore appoint a competent person to identify
Planned changes to buildings and protection systems whether there is asbestos present. An Asbestos
• Make sure records of inspection and maintenance are Certain plant and equipment (including boilers, pressure may introduce new, or alter existing, hazards. To ensure Management Plan will help manage the risk and
kept in a clear and accessible format vessels and lifts) must be inspected periodically. Further best risk management practice is incorporated into any include an Asbestos Register that clearly identifies
guidance on maintenance and inspections can be found planned change, discuss details of any planned project the presence and location of asbestos carrying
• The free weights area needs to be kept clear of on the HSE’s website www.hse.gov.uk/safemaintenance with your insurance adviser, and identify where you can materials within the building
obstructions with appropriate racks and signage to secure appropriate additional support and guidance.
help achieve this
Key points and recommended tips for consideration:
Faulty equipment is the second most common cause of Claim example Car parks
claims in gyms. Whilst following the above steps would • Regular inspections are a key part of any
A member using dumbbells alleged that his finger was maintenance programme to help identify problems Many gyms have some form of parking area that
not always prevent accidents, it will assist in a successful crushed as a result of another free weight being left on
defence of the claim. We have seen accidents involving promptly. Early remedial action by a competent is either owned or managed. Poorly maintained,
the floor thereby causing an obstruction. contractor is essential to prevent further, more poorly signposted or unlit car parks can be a source
most equipment over time, but certain pieces of kit have
a noticeably higher incident rate. These include: Other similar claims have been made and, as they costly, damage. Retain records of this of repeated, attritional slip, trip, and fall accidents
need little evidence on causation, they can be hard to and injuries resulting from the relatively high
• Lat pull down machine • Inspect roofs regularly - at least annually or following footfall experienced.
defend. particularly stormy weather. Records of inspections
• Smith machine should be retained
• Spin bikes
• Cable cross over machine
• Swiss balls (bursting)
19 20continued Signage
Key points and recommended tips for consideration: Key points for consideration:
• Carry out a risk assessment for car parking facilities • Some signs are required by law If, having conducted a risk assessment at your premises,
to identify particular hazards eg: vulnerable to you have concluded that a sign is necessary, then the
• Where signs are necessary, they must be in the sign must meet with certain standards as well as being
flooding, ice build-up, and prioritise inspection and
correct format maintained. For example, it is likely that under the
maintenance regimes
• The absence of adequate signage could weaken Regulatory Reform (Fire Safety) Order 2005 that you
• Provide efficient means of access and egress for will need a “fire exit” sign.
your case in the event of an injury claim being made
vehicles eg: one-way systems, and segregate
against you Temporary signage may also be needed. Where a risk
pedestrian walkways where possible
The main law covering the rules concerning signage at of injury is identified you owe a duty of care to provide
• Provide adequate lighting for frequently used car effective signs warning of such risks. Examples are wet
your premises is the Health and Safety (Safety Signs and
parking facilities or slippery floors, uneven surfaces, and defects in the
Signals) Regulations 1996.
• Instruct/train employees to carry out car park premises.
The Health and Safety Executive has produced a very
inspections using an inspection checklist that Within your gym, it is highly recommended signage
good guide that can be purchased or downloaded for
demonstrates inspections have taken place and, is prominently displayed to inform, instruct, and instil
free from their website at http://www.hse.gov.uk/pubns/
where appropriate, that no defect was identified collaboration between staff and members. Display
books/l64.htm
• Ensure that repairs carried out are documented to posters encouraging regular induction, demonstrations
The business premises will be subject to a “no smoking” of equipment, safe stretching exercises and where
ensure an effective inspection and maintenance audit
ban and it is a requirement under The Smoke-free (Signs) appropriate, particularly on resistance equipment, each
trail
Regulations 2012 for you to display the correct sign. If machine should clearly warn of unsafe methods of use.
you have business vehicles, then a “No Smoking” sign
is also a requirement. The legislation differs slightly
Claim example depending on where in the UK you are. Claim example
An employee fell over on a pothole in the employee Employers have a legal duty under the Health and Safety
car park. It was found that no system of inspecting and Many slips, trip and fall accidents occur where floor
Information for Employees (Amendment) Regulations surfaces are wet. The resulting claim is likely to succeed
maintaining the car park was in place. The business 2009 (HSIER) to display the approved health and
owner was found to be liable. where there is an absence of clear and effective
safety poster or provide each worker with a copy of warning signs and/or cleaning logs and records.
the approved leaflet. A poster can be purchased at
https://www.hse.gov.uk/pubns/books/lawposter.htm
21 22Fire safety - life safety
Key points for consideration: The written record will need to detail:
• It is a legal requirement to conduct a fire risk • The fire risks that exist at your premises
assessment
• What your employees must do to prevent a fire
• Your insurer may ask for confirmation that this
assessment has been done • Training on fire prevention
• The assessment needs to be reviewed regularly • The use of fire detection and fighting equipment
• Good management and housekeeping are essential. • The correct evacuation procedures should there be
Electronic equipment should be regularly maintained a fire
and unplugged when not in use • Consideration of those that use and/or visit your
• Saunas, arson, and faulty electrics are the most premises
common source of fires You should review fire risk assessments as follows:
Fire risk assessments should be undertaken for gyms and • Following an incident
health clubs in compliance with the Regulatory Reform
(Fire Safety) Regulations 2005 (England and Wales); Part • When new sources of ignition, combustion
Three of the Fire (Scotland) Act 2005, supported by the and oxygen have been introduced
Fire Safety (Scotland) Regulations 2006; and The Fire (ie: the risk has changed)
Safety Regulations (Northern Ireland) 2010.
• Following significant changes in personnel
Furniture and furnishings should comply with The
Furniture and Furnishings (Fire) (Safety) (Amendment) • Ideally annually
Regulations 2010. The government has produced a very good guide that
The laws essentially require that a fire risk assessment is can be downloaded from www.gov.uk/government/
carried out by a “responsible person” and a written record collections/fire-safety-law-and-guidance-documents-
of the assessment must exist. for-business.
The Fire Industry Association (FIA) website also has a
wealth of free information at www.fia.uk.com.
23Fire safety
Property protection and business continuity to perimeter doors, access control systems and recommended in the periodic inspection report.
installing electronic security systems such as Further guidance on electrical safety is available at
Some gyms and health clubs will contain facilities where intruder alarms and high quality CCTV www.hse.gov.uk/electricity
the risk of fire is relatively high eg: use of saunas, cooking
and waste storage arrangements. Common fire hazards • Reviewing the fire risk assessment periodically, • Portable electrical equipment should be inspected
associated include: especially prior to proposals to change the layout and tested at least in accordance with HS(G)107.
of the premises A risk assessment should be used to determine the
• Deliberate fire setting, often as a result of programme of inspection and testing
combustible waste material in unsecured bins or • Avoiding hot work wherever possible or where
storing waste too near to the property there is no practicable alternative to the use of hot • Installing an Automatic Fire Detection (AFD) system.
work, using an appropriate Permit to Work system The system should be installed and maintained by
• Heat produced because of poorly maintained plant a UKAS accredited company and the category of
and equipment • Cooking should only be undertaken in a fire installation as determined by Risk Assessment
compartment designed to provide a minimum
• Electrical fire hazards from poorly maintained 30-minutes’ fire resistance between the cooking • Arranging for the AFD installation to be monitored
equipment and installations area and other parts of the building. The kitchen by a UKAS accredited alarm receiving centre to
should be properly designed and equipped for the ensure the fire and rescue service is called without
• Cooking/preparation of food within a cafe or
purpose and deep fat fryers should be avoided delay outside normal operating hours
restaurant
where possible
• Providing an appropriate number of suitable Fire
• Many large gym fires have originated from saunas
• Saunas should be designed and managed Extinguishing Appliances (FEA). Installation and
where the cause of the fire has been attributed to
in accordance with guidance set out in the maintenance should be in accordance with BS5306-
improper construction, poor maintenance, loose
RISCAuthority Guide – see https://www. 3. FEA should be accessible by staff; and staff trained
materials being left in the sauna eg: newspapers
riscauthority.co.uk/free-document-library/ in their use
or towels and illicit use of flammable (body) oils/
fragrances • Avoiding the use of candles in massage and • Appointing and training staff as fire wardens and
treatment rooms ensuring that the premises are evacuated without
• Fire doors being wedged open or providing
delay in the event of fire
inadequate fire stopping • Arranging planned, preventative maintenance
contracts with competent engineers for all plant • Ensuring water supplies in the area are adequate for
• Poorly planned or ill-considered access for firefighting
and equipment in accordance with manufacturers’ firefighting purposes and access to the site is readily
Some simple control measures, however, can remove or instructions accessible for the fire and rescue service; and
reduce the risk of unplanned events such as fires and you
• Ensuring electrical installations are designed, • Establishing an effective emergency and
should consider:
installed, and periodically tested by a competent business recovery plan to ensure the resilience
• Assessing the likelihood of deliberate fire raising at electrician in accordance with the current edition of the business. Business continuity and incident
the time of the fire risk assessment. Provide suitable of the IET Wiring Regulations BS7671. Carry management planning software is available free from
security measures, including suitable security locks out inspections on a risk assessed basis as https://robust.riscauthority.co.uk/
25Business continuity Data protection
The introduction of the General Data Protection
Key points for consideration:
Regulations (GDPR) in 2018 has meant stricter rules for
• Analyse what the key threats to the business are – that can be accessed. The early stages following a all businesses concerning the collection, storage, and
remember these may not just be physical risks but disaster can be critical to the businesses recovery so processing of personal customer data.
others such as loss of IT or power having contacts and allocated responsibilities for certain
jobs can help. Gyms and health clubs have the potential to gather a
• Regularly review the adequacy of your insurable wealth of personal customer information and in some
values to identify if you have adequate and As temporary premises are unlikely to be available, you cases, that information could be highly sensitive in
appropriate levels of cover may wish to consider reciprocal arrangements with nature. For example: name, address, email, payment/
other local gyms so your members can continue to card details, medical information, and ethnicity. It is
• Take measures to reduce the likelihood and impact of work out, thus reducing the loss of customer base and important to note that third party liability risk, risk
these threats revenue. from threats to your own IT platforms and reputational
• Plan on how to cope with the impact damage risks rest with the operator even where data is
The short guide compiled by Aviva is a useful overview collected and processed via a third-party membership
• Keep key documents in an accessible format - this and provides additional detail on the points raised system. Therefore, appropriate protocols and controls are
should include key contact numbers and procedures here without going into excessive depth. Please see necessary.
https://www.aviva.co.uk/risksolutions/knowledgestore/
• Test the plan answer/1687/. Article 5 of GDPR lays out six principles for processing
data which businesses need to follow:
Whilst office-based businesses may have an easier job in A sample plan template is freely available at https://
planning for disasters as temporary premises can be easy www.riscauthority.co.uk/free-document-library/ 1. Personal data must be processed in a lawful, fair, and
to come by, the same cannot be said for gyms and health RISCAuthority-Library_detail.business-continuity- transparent manner
clubs. This is quite a specialist area and we strongly template-for-small-businesses.html.
recommend the use of a specialist consultant to assist. 2. Any data collected must be done so for a specific
Free software to assist in developing a plan is also and stated purpose. It must be explained to the user/
Even if you do not get to the stage of a sophisticated available at https://robust.riscauthority.co.uk/. customer/client why that data has been collected
business recovery plan, just having a few simple measures and what it is going to be used for
in place will help. In particular, it’s important to make sure
computer data is regularly backed up off-site and can be 3. Data collected must be relevant to a specific task
quickly restored. It is also important to have the plan - in other words, minimise the amount of data
itself stored away from the premises and at a location collected where possible
4. Personal data must be kept up to date and accurate
5. Data must not be stored for longer than is necessary
6. Personal data must always be stored securely
27Cyber security Social media
GDPR means that penalties can be imposed on • Install appropriate firewall and anti-virus software In a comparatively short space of time the use of social • Set up a system of approvals for social posts
organisations for not taking appropriate steps to secure and ensuring it is tested and kept up to date media has become an important tool for businesses to
or prevent access to data about individuals. A Gov.UK connect and maintain contact with new and existing • Appoint a senior manager with responsibility for
survey released in March 2020 reported that 46% of UK • Enable password protection for smartphone and customers about the products and services offered. social media
businesses and charities reported a cyber incident during tablet devices However, without appropriate controls, social media can • Monitor your accounts and engage in social
the year. Under GDPR, individuals who suffer material or non- also be a risk to the wellbeing of an organisation. Some listening
material damage as a result of an infringement of the simple risk management controls to reduce and mitigate
A cyber security breach can damage an organisation exposure include: • Invest in security technology - protect your
in many ways, ranging from disruption and data loss, regulations have the right to claim compensation. You
could face compensation claims not only for financial social media accounts with automated, real-time
damage through loss of intellectual property, denial • Create a social media policy protection against hacks, phishing, malicious
of access to websites and services, physical loss or losses but also for distress and hurt feelings, even when
there is no financial loss. In addition, you could also • Train staff on social media security best practices content, and compliance risks
damage through viruses, ransomware and other forms of
malicious software, reputational impact through damaged have to pay their legal costs (in the event you were • Perform a regular audit
unsuccessful in defending a legal action) in addition to • Limit social media access
brand image and impaired customer relations.
your own legal defence costs.
Cybercrime by hacking a computer system or gaining
illicit access to a person’s personal data is big business In addition to any legal liability that may be incurred by
and can take many forms including (unusual terms a data loss, an organisation could also find themselves
such as): phishing, spear phishing, whaling, smishing liable for damage to third parties through unintentional
and vishing. It is usually perpetrated through malware, onward transmission of malware, or through their
denial of access or web attacks to your computer or computer system being maliciously taken over and
smartphone. involved in a Distributed Denial of Service attack (DDoS)
on other organisations.
Approximately 80% of cyber-attacks can be prevented or
at least mitigated by basic information risk management: Consider a cyber risk policy to protect your gym or health
club from the financial impact of client data breaches if
• Establish an incident management plan to ensure you negligence on the part of your company is determined to
can respond quickly to, and mitigate the impact of an be the cause of breach. Please speak to your insurance
actual, or alleged, data breach adviser for further advice and guidance.
• Perform a regular back-up of data
29Paper
Health and safety
Policy and arrangements
Key points for consideration:
• If you employ five or more people you must have a Since 2013, the Health and Safety Executive no longer
written health and safety policy carries out automatic inspections of business premises,
unless you are working in a high risk industry, the Health
• Your employees need to read your policy and meet and Safety Executive has received a complaint or you
the stated requirements have had a major workplace incident. If an HSE Inspector
• The health and safety policy should be reviewed does call, you should be prepared and a useful leaflet
regularly explaining what to expect is available at https://www.hse.
gov.uk/pubns/hsc14.pdf.
If you employ five or more people, the Health and Safety
at Work Act 1974 requires you as a business to have As part of the Enterprise and Regulatory Reform Act
a written health and safety policy. Even if you have 2013, the strict liability provisions under S.47 of the
fewer than five employees it is still a good idea to have Health and Safety at Work etc. Act 1974 no longer
something in writing, especially if you should find yourself applies, although there are some exceptions. Essentially,
needing to prove what measures you had taken to keep employees now have to show that an employer has been
people safe. negligent, but employers will still need to make sure they
meet their statutory requirements for health and safety in
The health and safety policy will set out how you as a the workplace.
business manage the health and safety risks associated
with your organisation. It also demonstrates to your The business must also display the health and safety
employees that you care about their welfare and law poster or provide each worker with a copy of the
hopefully it will help reduce the likelihood of an accident equivalent pocket card. The business must display the
occurring. poster where workers can easily read it.
The policy should be reviewed on a regular basis, The Health and Safety Executive has produced
especially when there have been changes in your a very good guide that can be found at http://
business. For further information about how to manage books.hse.gov.uk/hse/public/saleproduct.
risk visit https://www.hse.gov.uk/simple-health-safety/ jsf?catalogueCode=9780717664481
index.htm.
34Accident reporting (including RIDDOR)
Key points for consideration: Entries in the accident book must be kept for at least A brief guide to ‘Reporting of Injuries, Diseases and
three years and in the case of the old style books, the Dangerous Occurrences Regulations 2013' (INDG 453
• All accidents and near misses at your premises should • ‘Over 7 day’ injuries to employees should be whole book must be retained for three years from the (Rev1) can be found at https://www.hse.gov.uk/pubns/
be recorded reported within 15 days using the online form. date of the last entry. The reason for this minimum indg453.pdf
Diseases should be reported without delay following retention period is due to the three-year limitation on
• More serious accidents need to be reported the employer receiving written notification from a The HSE's approved forms to be used, preferably
individual’s right to claim compensation for injuries.
• Maintaining written records is a must, especially if medical practitioner that the individual is suffering online, when reporting work related accidents, diseases,
they are needed to defend legal action from one of the specified conditions RIDDOR also requires that records are kept by the dangerous occurrences, and gas incidents can be found
‘responsible person’ of incidents reported as injuries, at: https://www.hse.gov.uk/forms/incident/index.htm
The RIDDOR (Reporting of Injuries, Diseases and • Unless the accident is of a type recordable or disease, or dangerous occurrences and recordable ‘over
Dangerous Occurrences Regulations 2013), puts duties reportable under RIDDOR there is no legal three-day’ injuries to employees and the self-employed. A BI510 Accident Book is available to purchase from HSE
on employers, the self-employed and people in control of requirement to keep records of accidents to non- The record keeping requirements are fulfilled by keeping: books and other book and stationery retailers
work premises (the responsible person) to report certain employees. However, from a claim’s defensibility
serious workplace accidents, occupational diseases and perspective, it is good practice to record details of all • for reportable accidents, a copy of the statutory
specified dangerous occurrences (near misses) to the accidents involving members report, the date of the report to the enforcing Claim examples
HSE, (Health and Safety Executive). authority and a record of the way the report was
Employers with ten or more employees are required to made, which will usually be on-line Specific examples of health and fitness clubs failing to
Incidents that happen in Northern Ireland should be keep an accident reporting book. The approved format report accidents at work are hard to find, but companies
reported to the HSE NI. is that shown in the BI510 2018 edition accident book • for recordable, but not reportable injuries to that have had a problem in this area include:
(ISBN 9780717666935) which is available in pads of tear employees, a record of date and time of the accident,
• Reports are made on-line at http://www.hse.gov.uk/ out forms, from HSE Books and other book retailers. To the full name and occupation of the injured person, Tata Chemicals Europe, which was ordered to pay more
riddor using the relevant on line report form (F2508 comply with data protection requirements, you should the nature of the injury, the place where the than £170,000 in penalties in April 2013 for three
for a report of an injury or dangerous occurrence and remove completed pages and file them confidentially. It accident happened and a brief description of the separate incidents at its Cheshire factory from 2010.
F2508A for a report of a disease). Hard copy written is not a requirement to use the BI510 form, although if circumstances
reports can no longer be submitted, and telephone Tesco was prosecuted for not reporting staff accidents
employers wish to use their own form, it must include
reports are only available for deaths and specified It is good practice from a learning and claims defensibility properly at two of its Berkshire stores, and for failing to
at least the same content and must be available to
injuries via the HSE's Incident Contact Centre (ICC) perspective to investigate all accidents and near misses load and unload vehicles safely. The fine amounted to
employees to make their own report unhindered.
on 0345 300 9923 (Mon– Fri 8.30am to 5pm) which caused or could have led to injury at the premises; £34,000.
however, it is worth noting that the legal requirements
Insurance may cover the costs of defending an allegation
for incident investigation are relatively limited. Employers
of failing to comply with RIDDOR, but the fines
have a duty to monitor and review their health and
themselves are not insurable.
safety management systems and one of the essential
components of the management system is to investigate
accidents and incidents and then implement appropriate
remedial actions.
35 36Risk assessments
Risk assessments A framework for a realistic and proportionate health
and safety system in small and medium size businesses
Every business has a legal, moral, and financial obligation should incorporate the following:
to organise, manage and control the welfare, safety
and health of their employees and any visitors to their • Appoint a person responsible for health and safety
premises. By organising, managing and controlling the - an internal, suitably experienced person or an
risks that are present within the workplace, the business external professional
will not only ensure compliance but will assist in the
reduction of the number and severity of accidents and • Prepare a health and safety policy which meets
help in the reduction in the cost of insurance claims. current legal requirements and best practice,
ensuring the policy is regularly reviewed to ensure it
A business’s responsibility for the health and safety adequately reflects the activities of the business
of employees and visitors varies according to sector,
however as a minimum, all business should follow some • Prepare and regularly review risk assessments of all
basic principles of: activities that may affect the health and safety of
employees and visitors
• Risk identification
• The development of safe working practices
• Elimination of those risks that threaten the safety or
wellbeing of an individual • The recording of appropriate health and safety
training for all staff
• Substitution of hazardous operations or activities
• Recording of accidents and near misses
• Control of activities
• Regular auditing of health and safety systems and
• Provision of appropriate personal protective procedures
equipment
• Education and training of persons exposed to
hazardous operations
• Discipline and enforced control procedures
38Record keeping
Key points for consideration: If the injury is as a result of a substance that could
Key points for consideration: be hazardous to health, perhaps something used for
• There may be a legal requirement to keep documents cleaning purposes, then the requirements of COSHH list
• Risk assessments are required by law • Controlling of substances hazardous to health stored
• Good record keeping provides evidence of working sixteen documents that can be requested (if relevant)
at the premises
• There are several different types of risk assessment practices including the risk assessment, records of the maintenance
• Swimming pools of personal protective equipment and the examination of
• Keep written records of risk assessments undertaken In many instances there is a legal requirement to keep local exhaust ventilation.
• Use of the gym by young persons and maintain written records of the health and safety
A risk assessment is something that most businesses are Should an incident occur it is possible that any legal
measures including risk assessments, gas safety checks,
required by law to carry out. The assessment itself is an • Special events action may not be brought for up to three years from the
Control of Substances Hazardous to Health (COSHH)
examination of the hazards that may exist within your date of the incident (and longer if the injury has been
Of course, if you hold any events outside your normal documentation, passenger lift examinations, cleaning logs
business that potentially could harm your employees and to someone under eighteen years of age). In the case of
place of work, for example running clubs, you should also etc. that have been conducted at your business.
customers and subsequently the measures that need to work-related employee industrial diseases, legal action
be taken by the business to eliminate, reduce or control conduct suitable risk assessments.
These records need to be available for inspection can be brought up to three years from the date that the
those hazards. The Health and Safety Executive has produced a very whether an incident has occurred at your business or employee became aware of the condition. You should
good guide at www.hse.gov.uk/risk/fivesteps.htm not. The Health and Safety Executive has a legal right to therefore keep records in accordance with the legal
Risk assessments need to be in writing, compiled by
examine such records. requirements, including:
a competent person and reviewed on a regular basis. The Health and Safety Executive for Northern Ireland has
The exact nature of the risk assessment will vary from a guide at Establishing simple but effective checklist records can • Accident book entry
business to business and for gyms should cover your also be invaluable. Gyms are places of high footfall
main facilities and activities https://www.hseni.gov.uk/articles/risk-assessment especially during busy, peak periods and operating a daily • First aid report
Opening and Closing Checklist will help identify problems • Accident investigation report (inc witness statements)
Typically you should conduct risk assessments for:
and enable you to put in place appropriate controls
• Fire safety to mitigate risks. If someone has been injured at your • Safety representative accident report
premises this will obviously aid any defence, if all relevant
• Slips, trips, and falls throughout the premises records have been kept including details that have been • RIDDOR report
(including changing rooms) recorded in the Accident Book (a legal requirement). • HSE correspondence
• Display screen equipment Training records including staff training and induction
training for members can be vital to the successful • Report to Department for Social Security (DSS)
• Manual handling activities defence of a claim.
• Pre-accident risk assessment
• Post-accident risk assessment
• Evidence of training
39 40Employers’ liability insurance is a legal requirement
where the gym has employees. There is a requirement to
display your employers’ liability insurance certificate in a
prominent place at each place of work. Although there is
Practical Measures
no longer a requirement to keep your employers’ liability
documents for forty years, recommended best practice
suggests that records are kept.
A quick word on the Data Protection Act as well.
Employers are required to ensure confidential and
appropriate handling of “sensitive personal data”,
including access to personnel records of a person’s
health.
Claim example
An employee lost the tip of a finger whilst using a
dangerous piece of equipment. His employers’ liability
claim succeeded because there was no record of the
training provided on using the equipment safely.
41Unstaffed and 24-hour gyms
Key points for consideration:
• Consider what equipment and facilities are blind spots, including exits). The footage should also be
appropriate for an unstaffed gym recorded, and monitoring of the footage by a professional
security company is a major advantage.
• CCTV with a system of recording and monitoring is
important if not essential Many unsupervised clubs have a deliberately limited
range of facilities; however, if you operate a club with
• Access control is necessary to restrict entry. A key facilities such as sunbeds, saunas, and pools, these pose
fob/entry card system or biometric entry system a greater risk and restricting access to these facilities to
would be the most secure method staffed hours only is recommended. It is important to
• There should be an emergency contact system in note that unsupervised sunbeds are banned in Wales and
place for members to raise the alarm unsupervised use of sunbeds for under 18s is banned in
England.
• Induction training should also include taking
members through procedures for usage whilst the
gym is unstaffed Claim example
• Appropriate signage is essential, both warnings and A lady slipped on the stairs of a 24-hour gym and injured
advice her back. The incident was recorded on CCTV, which
• Daily inspection of equipment and recording of such showed it was just an unfortunate accident. As a result
checks is even more important for unsupervised of the evidence being produced, the operator was able
gyms to successfully defend the claim, and nothing was paid to
the claimant.
The arrival of the 24-hour gym has brought new
challenges for managing the risk in gyms; however,
with the right approach the exposure of a 24-hour gym
needn’t be excessive. CCTV is particularly effective
in reducing the risk. Operators need to consider the
coverage of the CCTV (ideally full coverage with no
44Children in gyms
Key points for consideration:
• Children need to be supervised by a responsible what is suitable but common sense must prevail. For
adult: a parent or guardian, or maybe an employee of example, free weights are not suitable for very young
the gym. In any case, the responsibility needs to be children.
made clear
Other activities such as children’s parties and summer
• Consider the nature of the activities and their clubs require extra care and attention and warrant a
suitability for the age group specific risk assessment.
• Staff may need specific training in delivering activities If you have swimming pools which children may use or
for children crèches, we recommend that you seek specific advice.
The following links may be useful:
• A child protection policy is highly recommended
Crèche Safety - https://documents.hants.gov.uk/
• DBS (formerly CRB) check is recommended for all childrens-services/Guidancenotesforcrecheprovision.pdf
personnel coming into one-to-one contact with
children. Please note this is a requirement of some Swimming Pools (Free HSE download) www.hse.gov.uk/
insurance policies. Further consideration should be pubns/books/hsg179.htm
given to establishing appropriate policies relating
to abuse, safeguarding and whistleblowing; all
communicated to staff on a signed receipt basis. Claim example
With the government agenda on childhood obesity, A gym operated a children’s circuit class. One of the
junior memberships and specialist classes for young activities was running on the treadmill; however, an
people are becoming more common. This area does come eleven year-old was left on the treadmill without an
with some risks, so it is important to manage it carefully. instructor nearby. The child came off the treadmill,
There is an increased responsibility in allowing children seriously injuring themselves. Due to lack of supervision
on to your premises. and instruction, there was no defence to this claim, and it
In particular, it’s essential to make sure children are was therefore settled in favour of the claimant.
adequately supervised, as well as ensuring that they only
carry out suitable activities. There is no defined list of
46You can also read
