GDPR has 99 articles and is 90 pages when printed. There is a lot of detail in it and unlike us at SchoolsGDPR few of you will read it, after all that’s what we are here for.
At any time during your project, if you want to test if you are on the right track you can ask yourself if the data subject would be surprised or annoyed by what is happening to their data.
Transparency is necessary to ensure they are not surprised. GDPR addresses this through privacy notices. Privacy notices are a challenge as they need to include a fair amount of information on how data is gathered and processed, the legal basis for this, categories of entity it is shared with and some other items.
On the other hand, the GDPR also requires the privacy notice to be concise. Being both concise and complete is a challenge. As well as this the notices need to be written in plain language and when children will rely on them there is an even greater obligation to make them clear and understandable
We have included two privacy notices in the SchoolsGDPR pack, the first is based on our standard approach and has been used in the public and private sectors. We then gathered a group of younger teenagers in a room for a few hours and went through this standard notice with them to get their feedback. They gave us loads of advice on what they didn’t understand, the language used and the way it was presented. The result is a child friendly and child approved privacy notice that includes the information necessary to comply with the GDPR.