How does GDPR affect you as a music teacher? (All Teachers)
How does GDPR affect you as a music teacher?
The new GDPR EU ruling will be coming in on the 25th May. It is legislation around data protection…after the last few months of research & talks here is 5 steps to take note of as a music teacher:
1. The GDPR applies to you, as you collect data on students. Specifically, you are likely to have names, email addresses, phone numbers. You might even have what is known as “sensitive data”, so information relating to medical conditions (for example about the voice for singing teachers), gender, sexual preferences, religious views – the last three are things a student might tell you during lessons. If you were to write it down somewhere (email, Facebook message etc.) then this is data that needs protecting. For teachers who have their own websites, you must consider the collecting of IP addresses etc. of your website users as “data”.
2. You must ensure this data is secure. Easy tip; make sure you have a good password on your email account, 2-factor login verification if possible (Gmail allows this). Most of the above data is sitting in your emails. Delete data you don’t need. Delete accounts you don’t use.
3. You must make sure this data is relevant. If you have information about students that is interesting but not vital to your service, you no longer have a right to collect it. You must also make sure you have the permission of a student to collect this data, doing this by a non-preselected tic box. This cannot be bundled with other agreements, for example, to pay for lessons you must accept my marketing emails. The two must be separate, opt-in only and with a chance to opt out at any point.
4. A student can request you to delete all data you have about them. You must do this. However, you can keep data related to invoices and payments for the purpose of HMRC
5. If you are hacked, for example, your email is compromised you must inform individuals who might be affected within 72 hours. Detailing what details might have been stolen. You must also inform the Information Commissioner’s Office of the data breach.
I hope this post is useful for teachers worrying about this. I have been working really hard on the GDPR at my end to ensure that we comply. I am not a lawyer, so please contact relevant professional services for legal advice about the above. However, as ever I would more than happy to answer any questions I can with the knowledge I have gained by researching this topic.
In summary, if you are sensible and secure with the data you have on students you don’t need to worry about GDPR.
Log in to reply.