February 1st, 2019
Privacy and data protection have always been important for the individual. It's a matter of respect that companies handle your data correctly. Nevertheless, ever since the European Union’s GDPR (General Data Protection Regulation) came into place, small business owners have not known exactly what to do with it, and how it can affect their own business.
Let’s say that you have a music school or a school where the kids study foreign languages. Do you have to make adjustments to your record-keeping? What exactly is the information that is deemed “delicate”? Would you still be able to carry that data on a simple portable device, or do you need special school management software?
If you are planning to open a small teaching business, here is what you must know about GDPR.
The GDPR first came into effect less than one year ago, in May 2018. These regulations apply to almost all types of businesses that work with data and people, not only to schools. They affect every company in the entire world that deals with personal data gathered from people that are part of the European Union.
The GDPR’s purpose is to protect the privacy of those that are part of the European Union, giving them control over how that data is collected, used, or stored. The term in itself might seem rather scary at first – but once you learn about its key areas, you should know how to apply it to your educational small business.
This will include absolutely every person that you might be collecting personal data from. They can be your employees, fellow teachers, secretaries, accountants – even the company that brings you paperclips and other supplies. By personal data, we mean names, bank details, contacts, and so on.
You may only collect personal data if you are legally required to do so. For example, you might need it for signing a contract with a new teacher, or for recruiting new students for your classes.
Similarly, the students (or parents) may have asked you to provide some data on your teaching classes. Regardless of the case, you need to tell them precisely why you need to collect their data – and you should only use it for the purpose that you have mentioned.
The terms and conditions and user contracts are there for a reason: to be read and agreed upon before signing. These texts need to be very easy for anyone to understand, without complicated wording that can be misleading.
Whenever you add something to your data management system, you should know that every individual has the right to ask about everything – at least what you collect about them. This right is not particularly new; however, what changed is that companies now have to provide the answer within a month – and they can no longer charge any fees for that service.
Just like every partner has the right to know, they also have the right to ask for the deletion of any personal data, no matter if it is from the student database or the whole school database. The only time when their request might be denied is when the company still needs that data for legal reasons (for example, tax).
Every individual should have the right to ask for a copy of their personal data, no matter the purpose that they wish to use it for. One example would be using that data so that they could transition towards a different service provider (e.g. your students want to transfer to a different school, or your professors want to get employed in a different teaching business).
If any breach of personal data occurs, you will have to inform the supervisory authority. Everything needs to be straightforward and transparent so that none of the data is used against the law.
As a person in charge of running a small teaching business, you should know that there is a very big difference between personal and sensitive data – although both are just as important. Personal data will include the data necessary to identify a student or their family, as well as a professor or the school’s partner. When it comes to school information, this will include things such as name, contact details, address, disciplinary records, progress reports. This is the kind of data that remains public in school records, even if the person decides to make it public (for example, when publishing a book).
However, schools also have a special category that will touch upon data that is slightly more sensitive. As far as schools are concerned, this category will include the biometric data of a student (e.g. photos, fingerprints), but also their health status (for example, if they have any allergies or health conditions that are important to mention).
This category might also include the religious beliefs of a student – which could explain why they may be opting out of the religion class. Their dietary requirements may also be added to that category – and that might be because of their health conditions or their religious beliefs. Regardless of the purpose, schools and other small teaching businesses can’t use this data without the consent of at least one parent.
Personal data is important, and you must keep it private unless you are required by law to access it. As a person in charge of a small teaching business, you should not only protect the privacy of your students – but the privacy of your teachers as well.
So, the GDPR protects the manager of the school as well as the students and professors. Basically, every person that gave their data will have the right to know why that data is collected and will be able to control what happens to it.