As you will know, the General Data Protection Regulation (GDPR) came into force on May 25 2018, and was designed to modernise laws that protect the personal information of individuals.
Want to ensure you’re compliant with the new legislation? We’ve compiled the below handy checklist to help you.
Deciding whether you need to seek consent
- We have checked that consent is the most appropriate lawful basis for processing.
- This won’t be very often for schools – you only need to seek consent where none of the other ‘lawful bases’ (legal reasons) apply. For example, ask for consent to:
- Use photographs or videos of pupils on your school’s website or in other promotional material
- Send marketing material to prospective parents
- Send fundraising requests to alumni
- Don’t worry about asking for consent in situations that are covered by other lawful bases. For example:
- Sharing child protection concerns and records with the appropriate people or agencies
- Submitting census data to the Department for Education
Asking for consent (refer to these actions when writing a consent form)
- We have made the request for consent clear and separate from other terms and conditions
- We ask people to positively opt in
- We don’t use pre-ticked boxes, or any other type of consent by default
- We use clear, plain language that is easy to understand
- We specify why we want the data and what we’re going to do with it
- We give separate options to consent to the different things we will do with the data
- We have named our organisation and any third parties that process the data
- We ensure that the individual can refuse to consent without detriment
- We don’t make consent a precondition of a service
- We keep a record of when and how we get consent from individuals
- We keep a record of exactly what they were told at the time
Managing consent on an ongoing basis
- We regularly review consents to check that the relationship, the processing and the purposes have not changed
- We have processes in place to refresh consent at appropriate intervals, including any parental consents
- We make it easy for individuals to withdraw their consent at any time and publicise how to do so
- We act on withdrawals of consent as soon as we can
- We don’t penalise individuals who wish to withdraw consent
At ScholarPack, we take your data security seriously. Not only is your data backed up 3 times a day, but we also use the latest encryption technology to keep it for your school’s eyes only. We also include tools to help make you GDPR compliant, right out of the box. Book a demo to find out more.