If you live in a European country, you have probably received a whole load of emails recently, from companies asking you to accept their updated privacy policy. This is because the General Data Protection Regulations (GDPR) come into force on 25th May 2018 and requires that all businesses issue a privacy statement to all clients and contacts, regarding the data held about the individual.
This also includes music teachers, as they hold personal data about their students such as phone numbers, email and postal addresses, dates of birth (for exam entries) etc., and these are often stored on digital devices such as phones or computers. It will become a legal requirement on 25th May 2018, that all businesses which hold data about individuals comply and non compliance can incur fines of up to €20 million, or 4% annual turnover – whichever is higher, depending on the severity and nature of the infringement.
This article will explain what you need to do if you are a music teacher and want to stay legal.
Basically, any processor of personal data must disclose what data is being collected and how, why it is being processed, how long it is being kept, and if it is being shared with any other parties. Users have the right to request a copy of the data collected by a processor and the right to have their data deleted under certain circumstances.
Here are some questions that might help you ascertain what you need to do.
1. Do you have a record of the personal data you hold?
2. Have you explained to your students why you have personal data and how you use it.
3. Do you have a plan in case people ask about their rights regarding the personal information you hold about them.
4. Is your storage of data secure. This can include locking filing cabinets and password-protecting any of your devices and cloud storage that hold your students personal data.
There has also been some confusion as to whether music teachers need to register with the ICO (Information Commissioner's Office) that keeps a register of all businesses that hold data about individuals in the UK.
Most organisations that process personal data must notify the ICO of certain details about that processing and this includes a £35 admin fee. However, the Act provides exemptions from notification for organisations that process personal data only for accounts and records in connection with their own business activity and some not-for-profit organisations (i.e. if you give piano lessons for free) and organisations that do not process personal information on computer (i.e. if you only have hand written records)
Further information about these exemptions can be found here
https://ico.org.uk/for-organisations/guide-to-data-protection/exemptions/
So basically most teachers won't have much to worry about or do, to be in compliance but they should provide a privacy statement to which all their students should consent and I have made a sample privacy statement which you can copy and use for your own students HERE
Please do pass on this article to anyone who you think is affected by this new law coming in tomorrow and make sure that we all stay legal.
This article will explain what you need to do if you are a music teacher and want to stay legal.
Basically, any processor of personal data must disclose what data is being collected and how, why it is being processed, how long it is being kept, and if it is being shared with any other parties. Users have the right to request a copy of the data collected by a processor and the right to have their data deleted under certain circumstances.
Here are some questions that might help you ascertain what you need to do.
1. Do you have a record of the personal data you hold?
2. Have you explained to your students why you have personal data and how you use it.
3. Do you have a plan in case people ask about their rights regarding the personal information you hold about them.
4. Is your storage of data secure. This can include locking filing cabinets and password-protecting any of your devices and cloud storage that hold your students personal data.
There has also been some confusion as to whether music teachers need to register with the ICO (Information Commissioner's Office) that keeps a register of all businesses that hold data about individuals in the UK.
Most organisations that process personal data must notify the ICO of certain details about that processing and this includes a £35 admin fee. However, the Act provides exemptions from notification for organisations that process personal data only for accounts and records in connection with their own business activity and some not-for-profit organisations (i.e. if you give piano lessons for free) and organisations that do not process personal information on computer (i.e. if you only have hand written records)
Further information about these exemptions can be found here
https://ico.org.uk/for-organisations/guide-to-data-protection/exemptions/
So basically most teachers won't have much to worry about or do, to be in compliance but they should provide a privacy statement to which all their students should consent and I have made a sample privacy statement which you can copy and use for your own students HERE
Please do pass on this article to anyone who you think is affected by this new law coming in tomorrow and make sure that we all stay legal.
No comments:
Post a Comment
Comments with external links not accepted and WILL BE DELETED