Tagged: data breach notification, data deletion, data privacy, data protection, data security, email security, GDPR, GDPR compliance, HMRC compliance, Information Commissioner's Office, information protection, legal advice, May 25th, music teacher, new EU ruling, opt-in consent, permission to collect data, relevant data, secure data handling, sensitive data, student data, student rights, teacher tips
-
How does GDPR affect you as a music teacher? (All Teachers)
Phil Schneider replied 11 months, 2 weeks ago · 3 Members · 10 Replies
-
Andrew Ford that is a pretty major screw up by MailChimp, what a nightmare!
-
Matthew Rusk I’m gonna message them and find out. Maybe I’m doing something wrong…
-
Andrew Ford this is an interesting read: http://www.bbc.co.uk/news/technology-44240664 & what I talked about with Eliza Jane Fyfe. I am not sure you really need to re-consent users of your list to allow you to continue to send newsletters to them. The law cannot be retrospective and assuming you have collected the data in a reasonable way (sounds like you have, as you ask people if they wanted your newsletter), protect the data properly (using, say, two-factor authentication on your Mailchimp list + a strong password) and are using it to send information that is relevant to why they signed up (so about piano lesson related activities…not about cheap holiday packages to Spain) then you are still complying with GDPR. I have a feeling that many of the big companies are simply trying to cover their backs by “re-consenting” their users; however, I have now seen several articles that say this process is unnecessary if data is being reasonably handled for reasonable purposes. In addition, the first port of call, if someone had a complaint, would be for them to unsubscribe or contact you to highlight their displeasure at receiving it. I believe, from reading, at worst you would get a warning; however, I think you could demonstrate that this newsletter was relevant to the users subscribed and you always gave them the option to opt out.
-
I have been handing out similar information to all students.
Point 2: Aren’t the email service providers responsible for email security? Besides not printing your password on your forehead or obvious self-inflicted blunders.
Information Commissioner’s Office: 486 employees and around 644 million active websites in the world. Can’t really see them being that effective.
Legislation not clear anyway.
Guardian
“The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week.
Many companies, acting based on poor legal advice, a fear of fines of up to €20m (£17.5m) and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR): asking customers to renew their consent for marketing communications and data processing.
But Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.
“Businesses are not required to automatically ‘repaper’ or refresh all existing 1998 Act consents in preparation for the GDPR,” Vitale said. “The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.
“Even if you are relying on consent, that still does not mean you have to ask for consent again. Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and there’s no need to seek fresh consent. Just make sure that your consent met the GDPR standard and that consents are properly documented.”
In other words, if the business had consent to communicate with you before GDPR, that consent probably carries over, and even if it doesn’t carry over, there are five other reasons a company can cite for continuing to process data.
What’s more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.
“In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email.”
The lack of understanding around when and why consent is needed under GDPR has prompted the Information Commissioner’s Office to try to resolve some of the “myths” of GDPR.
“We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them,” Steve Wood, the deputy information commissioner, wrote in guidance for businesses. “So think about whether you actually need to refresh consent before you send that email, and don’t forget to put in place mechanisms for people to withdraw their consent easily.”
Like Vitale, Wood emphasised that asking for marketing consent from people who had not given it initially could be illegal. “It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act,” he said.