Case Study

West Wood Club

Westwood Club Top Img

Company Background

West Wood Club is Dublin’s leading health and fitness provider with six locations across Dublin, offering modern gym facilities, swimming pools, group fitness studios, free fitness classes, personal training, kids gym facilities, and childcare. West Wood Club has 400 employees and over 35,000 members from infants to pensioners and every demographic in between.

West Wood has been in business for nearly 30 years. As a result, they hold a massive amount of stored data on members, past members, marketing and sales leads, and staff; both digitally and in paper form. In addition, West Wood runs several other programs in childcare, swimming, tennis and personal training that had their own data storage issues.

When GDPR was rolled out in 2018, they were faced with the challenge of dealing with all the paperwork and internal databases.

“We truly believed we would be able to get things sorted ourselves internally. But after a year, we realised this simply was not possible.”
Alan Leach
West Wood Club CEO


Westwood Club Banner 2 Min


Apex engaged with West Wood to complete a GDPR audit in order to scope the extent of efforts required. This involved the identification of data flows through a comprehensive data discovery process and regular meetings with the senior management team. After that, the long-term project plan was created and Apex began work as Data Protection Officer (DPO) for West Wood.

Now, management across 6 locations meet with the DPO on a weekly basis to discuss tasks and objectives. Vendors for the digitalisation of application forms and other documentation were sourced and a digitisation project was conducted.

As DPO, Apex oversees the execution of data subject requests and GDPR related complaints. Training for senior management and general staff has been developed and applied. Retention periods have been defined, working alongside legal counsel, and a vendor for scanning, indexing, and the secure destruction of unnecessary documentation has been sourced.

The use of CCTV has been reviewed by Apex and appropriate signage has been displayed at appropriate points around the clubs. All consent statements have been reviewed and updated.

Direct marketing campaigns have been reviewed by Apex to ensure that the appropriate consent and consent withdrawal mechanisms are in place. Documentation required to fulfill GDPR accountability requirements, including the record of processing activities (ROPA) was developed across all clubs.

The solution process involved the identification of the specific needs of the clubs through a comprehensive data discovery process and regular meetings with the senior management team.


“I have, over the years, hired external companies for certain projects. But I have to say this is the first time ever that a project has been this painless for me personally. Both Tom and Paula have simply taken over the project and become part of the West Wood Club team.

They organised the audits and workshops with all management across all clubs and business units. They set up all the meetings with managers and rolled out the strategies for being fully GDPR compliant. And they have done all this without me having to do anything. This is so important as I have been able to stay focused on other projects we have going on around business development.

Everyone on our GDPR compliance team across all our clubs has loved working with APEX. Tom goes way above and beyond for West Wood Club. If only all projects with external contractors worked this well.”

More Case Studies