General Data Protection Regulation compliance update

GDPRFrom 25 May 2018 the Data Protection Act is superseded by theĀ EU General Data Protection Regulation (GDPR) , which is a significantly-stricter regime to protect personal information online. I have recently completed our GDPR review.

The two critical changes are

  • Explicit consent is required for processing sensitive personal data.
  • Parental consent will be required to process the personal data of children under the age of 16 for online services.

 

What counts as sensitive personal data?

  1. Health and genetic data
  2. Biometric data
  3. Racial or ethnic data
  4. Political opinions
  5. Sexual orientation

Of these, only (3) is relevant to Yacapaca. In order for our analytics module to continue to report results broken down by ethnic origin category, we would need written permission from the parent or guardian of every child in the school.

That game, I’m afraid, ain’t worth the candle, so as from September that metadata category has been withdrawn. If you use that analysis, you will need to export the raw data and re-import it into a service such as SIMS that still stores this data.

We are also in the process of removing student email addresses from the system. Although this is not strictly required by GDPR, it will make it easier for school GDPR compliance officers to monitor our service.

On the roadmap to full compliance are

  1. Updated privacy policy, 1/5/18
  2. Updated Terms of Service 21/5/18
  3. Standard Data Protection Contract for your GDPR Data Protection Officer to download, complete and return. This is required for any school or MAT for which we hold student data, 1/5/18.
  4. Individual consent requests to every teacher. We only hold very limited data about teachers, but it still requires consent, to come.

3 thoughts on “General Data Protection Regulation compliance update

  1. Pingback: Top ten FAQs | Yacapaca

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s