Our current online booking supplier is withdrawing our system on 25 May 18 as they aren't able to make the necessary changes to ensure it would comply with the new GDPR regulations coming into force on that date. This leaves us desperately seeking an alternative online booking system.
All advice gratefully received.
Hi - what information do you collect that does not comply?
Trainee names, parents names, carer names, teacher names, contact details, health info. We will need to redesign our permission forms with opt in for all of this. The main issue could be finding the info if an individual requests it at a later stage.
Don't know if the following is of any help at all - I'm sure I've still got things to learn on GDPR and different schools seem to have different ideas about it.
We have built our own online booking and admin but currently our parental consent forms (that include the privacy statement) are not part of it - that is, schools download them from our system and email them out to parents, who send them to the school office. Instructors check them over and then hand them back to the office. Our non-school booking does have online details, but depersonalises it after the training date has finished.
Our information governance team agreed the following wording on our consent forms if it's of any help to you, I am currently double-checking if it is still robust enough for GDPR:
"Use of your personal information: the school looks after this consent form. When our Instructors arrive at the school, they will ask to see the consent forms and hand them back to the school staff after having looked at them and before starting their teaching. We use course registers that contain each trainee’s name and the outcomes achieved. We keep completed registers in our office for two years and then dispose of them securely. We never pass personal information on to third parties."
Thanks, that permission form wording sounds good and we were thinking that we would also give them back to schools once we had checked them to avoid storing them. How about the contact info you may have for school staff? We have a slightly different issue at our cycling centre where we have many repeat visitors who are vulnerable adults and children with complex health needs. This info is important to the instructors in planning appropriate activities and selecting the most suitable cycles but we will have to work out if and how it should be stored.
Hi - the info we store for school staff is their name and the school email and phone, so my understanding is that this would not require their permission to store - I stand to be corrected though! I'd be surprised though as that information is always available on a school website.
The cycling centre situation sounds challenging, we aren't in that situation - I guess that's health data so 'special category'?
Often our teachers use their own email addresses. Pretty sure that to store any personal info requires permission. Perhaps the way round it is to only ever use the main school email address or to ask teachers for opt in permission to contact them about booking bikeability/cycling activities.
Don't worry about formatting, just type in the text and we'll take care of making sense of it. We will auto-convert links, and if you put asterisks around words we will make them bold.
For a full reference visit the Markdown syntax.
© TABS, powered by microcosm.
Report a problem
The Association of Bikeability Schemes.