28th November 2018

GDPR and your Parent Group - What You Can Still Do

Connect's Sara McFarlane helps you through the GDPR maze in her helpful blog.

How is your Parent Council/PTA managing in this post-GDPR world? It’s almost six months since the General Data Protection Regulation came into force to strengthen individuals’ rights over their personal data. However, you can still communicate with parents and your parent group! We're hearing horror stories about parent groups being told they can no longer communicate with parents because of GDPR.  That is not true - below, we set out all the things you can still do!

The data protection rules are pretty much the same as before: it was always good practice to keep information securely, to have a reason for keeping it, to keep it accurate and up to date, and to respect the rights of individuals. What’s different is there are now harsher consequences if you don’t follow them!

You can still hold contact details for parents

·         Just make sure they are kept securely so only authorised members of your group have access

·         And make sure you have a reason for keeping them, for example holding names and phone numbers of parents during a school disco as emergency contacts

You can still email newsletters to parents

·         Just make sure they have a way to unsubscribe. If you are using an e-newsletter platform this should include an unsubscribe link in your emails. If you are sending our emails ‘by hand,’ include a signature telling people they can say they want to unsubscribe by replying to the email, and remember to take them off your list if they do!

You can still hold contact details for children if you are running a club

·         Just remember that children have the same rights over their information as adults do, and if they are under 13 years you need to have consent from their parent/carer

Remember to keep these points in mind when dealing with a person’s information:

·         If you don’t use it, don’t collect it.

·         Only those who need to should have access to it

·         Delete it when it is no longer needed (remember to empty your recycle bin too if you keep a database or list, and shred paper copies too!)

·         Remember to get permission.

·         Make sure they know how, why, and for how long you will hold it.