PCR independent school management solution and website
Customer Portal
School Portal
Demo
SOLUTION
FAQ
PRICING
EMPLOYMENT
BLOG
SUPPORT
KNOWLEDGE BASE
Team
Admissions
CMS Website
Community Connect
Finance & Student Billing
Fundraising / Development
Student Information
Cafeteria POS
Summer Camp & School
301-947-7380
sales@pcreducator.com
School Information Management System & Website Software
Blog
GDPR
GDPR
GDPR
The GDPR is a legislation passed within the European Union (EU), which focuses on protecting the personal data of EU citizens. The legislation is unique as it sets forth regulations for any business that controls or processes EU citizen data, regardless of the company's location.
Does GDPR affect your school?
If you have an inquiry, an applicant, a parent or any other user is phisically located in European Union at the moment when they submit their data to your school, then GDPR applies to your organization.
When does the GDPR go into effect?
May 25, 2018
What constitutes personal data?
Any information related to a natural person or ‘Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What is the difference between a data processor and a data controller?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data (School), while the processor is an entity which processes personal data on behalf of the controller (PCR Educator).
Do data processors need 'explicit' or 'unambiguous' data subject consent - and what is the difference?
The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent - meaning it must be unambiguous. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data. However, for non-sensitive data, “unambiguous” consent will suffice. When the processing has multiple purposes, the processor or controller must obtain consent for each purpose. Please refer to
https://ico.org.uk/media/about-the-ico/consultations/2013551/draft-gdpr-consent-guidance-for-consultation-201703.pdf
for more information.
Lawful basis for processing personal data.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it. If the data processing is necessary for compliance with a legal obligation to which the controller is subject (school) or processing is necessary for the performance of a contract to which the data subject is party (i.e a student enrolls in the school, parents sign the enrollment agreement and the school needs to proces the student's data to perform its business), then controller (school) does not need a consent.
What about Data Subjects under the age of 16?
Parental consent will be required to process the personal data of children under the age of 16 for online services; member states may legislate for a lower age of consent but this will not be below the age of 13.
How does the GDPR affect policy surrounding data breaches?
To comply with GDPR and to facilitate compliance with GRPR for our client schools, PCR Educator, as soon as reasonably practicable upon becoming aware, will notify its customer of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by PCR Educator, its sub-processors, or any other identified or unidentified third party. Consequently, upon receiving a notification from PCR Educator about a data breach, your school must notify the data privacy supervisory authority in the EU member states of which the affected individuals are residents within 72 hours, unless you can demonstrate that the data breach is “unlikely to result in a risk to the rights and freedoms of natural persons.” PCR Educator is revising its agreements with ourc clients to ensure that this provision is clearely communicated in the contract.
What changes should a school make with regards to GDPR and its use of PCR Educator?
The schools should identify the areas where they collect any data from any individuals where the collection of the data is not justified under the following clause:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” Then, update these data entry forms to include consents that would serve as a basis for lawful data processing.
If you are interested to learn more, the full legislation and additional regulation details can be found at
http://www.eugdpr.org/
.
See also
User
DAT
PCR Educator School Information System is an online database engineered for schools and universities to deliver the highest level of flexibility, unique experience, transparent communication and customized design.
Facebook
Linkedin
301-947-7380
sales@pcreducator.com
Schedule Demo
Please, make sure that all required fields (marked with *) are completed.
School Name
Please Enter a Maximum of 100 Characters.
*
Relation to School
*
select
Administration - Database Manager
Administration - Head of School
Administration - Registrar
Development - Director of Development
Finance - Business Manager
Finance - CFO
IT - Director of Technology
Other - Parent
Other - Staff
Other - Volunteer
Last Name
Please Enter a Maximum of 30 Characters.
*
Your First Name
Please Enter a Maximum of 20 Characters.
*
Your Email
Invalid Email
Please Enter a Maximum of 100 Characters.
*
Your Phone #
Please Enter a Maximum of 20 Characters.
*
Household
User