What is GDPR?

As a professional, you have probably heard about GDPR and Data Protection. If you haven’t, then you need to, as it’s a significant piece of legislation. Don’t worry, we’ll take you through what it is and who it applies to in a straightforward, bare-bones way, so there is no confusion. So what is GDPR?

GDPR and Data Protection

GDPR stands for General Data Protection Regulation. This came into effect within the EU in 2016 and then it came into force in the UK in 2018. Additionally, countries within Europe were given the ability to make small changes to the legislation to suit their own needs. So the UK created the Data Protection Act 2018, which replaced the previous 1998 Data Protection Act.

Still with me? Good! GDPR and the Data Protection Act are a set of rules that state how people can access information about themselves and place limits on what companies, organisations and the government can do with people’s personal data.

Who does it apply to?

So now you know a bit more about GDPR and Data Protection, but who does it apply to? At the heart of GDPR is personal data. In short, this is information that allows a person to be directly or indirectly identified from the data that’s available. This could be anything from a name or location to an IP address. There are also a few special categories of personal data that have greater protection, covering information such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious beliefs
  • Membership of trade unions
  • Genetic and biometric data
  • Health information and
  • Data about a person’s sex life or orientation

There are also a few key principles that you need to abide by when it comes to handling a person’s data. You have to make sure that the information is:

  • Used fairly, in a lawful way and with transparency
  • Used for specific and explicit purposes
  • Used in a way that is relevant to what you need and limited to what is necessary
  • Accurate and kept up-to-date
  • Not kept for long periods of time
  • Kept in a way that ensures it’s secure; this includes protection against unlawful or unauthorised processing, access, loss, destruction or damage

There are also separate safeguards for personal data relating to criminal convictions and offences, but this won’t always be necessary.

As a company

Brooks and Kirk ensure all customer data is safe and secure within its database system. We also make sure that we aren’t giving out information to third parties without the learner’s consent. We also don’t keep learners’ information for longer than necessary.

As assessors

As professionals, it’s important that you know about GDPR and Data Protection, so you know how to handle your learner’s data. Nevertheless, you should also follow your company’s GDPR policies and procedures because they are specifically outlined. If you’re standardising and talking about a learner’s work and using it as an example, should you be redacting any of that learner’s information? These are just a few things you can think about when it comes to GDPR.