What you say now? You may have heard, that the new General Data Protection Regulation law will come in effect on 25 May 2018, which is our deadline for getting ready to be GDPR compliant.
What does this mean to you and me? The good news is that this law is actually quite Yogic, it is based on the principles of non-harming, non-stealing, which may look familiar from the Yamas we just covered in previous blog posts. GDPR in a nutshell is about making sure that I take the reasonable steps to protect your data and that you consented to me using it.
For you it means that you have a clear understanding of what data I collect from you, for what reason I collect it, how I use it, how do I store it and how do I protect it. Also understanding your rights relating to this data. And me being only able to use it when you give consent.
For me it means lots and lots of admin, but you only have to do it once! So here are the steps I have taken:
√ - Information audit performed
√ - Privacy and Data Protection Policy written and shared - please read on website
√ - Checked with ICO (Information Commissioner's Office) if I have to register with them - fortunately not
√ - Health forms updated with P&DP Policy and consents
√ - New health forms with P&DP Policy and consents for current students signed - in the process of this as you noticed, thank you for all your help!
√ - Updating Wix (my website provider, GDPR compliant) Shoutout mailing list -
Current students, and students after 1 May 2018, have an option to opt in on the updated health form for newsletters. Students not opting in on the health form are deleted from or not added to the mailing list.
Students who are not current, and have not signed the opt in form physically (completed health form before May 2018) have the option to opt out from the mailing list on each individual e-mail.
√ - Excel file password protected, folder encrypted, updated on external USB stick
√ - Physical forms transferred to secured place
√ - External USB stick also transferred to secured place
Picture credit: www.lepide.com