Running your PTA

GDPR is everyone ’ s responsibility , but we recommend assigning one member of your committee to lead on it . They shouldn ’ t be expected to remember absolutely everything by heart , but they should know the basics , including best practice , how GDPR affects your PTA and , if necessary , where to find more information .

Storing information digitally ? Help keep it safe by :

• Setting a strong password to protect the device it ’ s stored on

• Setting a strong password to protect files and folders containing PTA information

• Changing passwords often , and always after a committee member steps down

• Keeping antivirus software up to date

• Only sending information through secure file sharing systems , like WeTransfer and Dropbox , rather than email

If you store information physically , it should be under literal lock and key and put through a shredder when no longer needed .

Never leave information unattended for people to find , such as a list of volunteer names at an event .

If your school agrees to share parents ’ information with your PTA , the school is responsible for asking the parents ’ permission before passing it on . You ’ ll then have one month to tell the parents how you ’ ll use their personal information . The school should also have consent to share information about your PTA with parents ( but this only applies to digital content , not letters ). It ’ s good practice to have a written agreement with the school detailing what will be shared called an ‘ information sharing agreement ’.

If you need to get consent directly from parents to use their information , be clear about what you ’ re asking for . Getting this in writing is important : it gives you a record in case you need to prove you have their information for a legitimate reason . You also need to provide information on what you ’ re going to do with their data . This is your ‘ privacy statement ’. The same rules apply to pupils , except that the person with parental responsibility has to give consent for a child .

RESOURCES

Check out the GDPR guide on our website : parentkind . org / gdpr-for-ptas

When you collect personal information , you ’ ll need to know what it ’ s being used for , so you ’ ll know when to destroy it . Your PTA will need to implement a policy on how long you ’ ll keep personal information for and when you ’ ll review it to keep everything accurate and up to date . You can share a Personal Data Audit with relevant members of your committee to ensure everyone is on the same page .

RESOURCES

GDPR data audit template : parentkind . org / gdpraudit-template

For serious breaches of GDPR , you could be given a hefty fine . But the rules are clear and easy to follow – just remember to stay organised and read our GDPR guide on our website for all the information you need .

We can turn ‘ GDParrrgh ?’ into ‘ GDPahhhh , I see !’

If you ’ ve got any GDPR questions , call our PTA Community Advisers for oneto-one support on 0300 123 5460 or by emailing : info @ parentkind . org . They ’ re here to help you Monday to Friday , 9am to 5pm . You can also book a Zoom appointment on our website : parentkind . org / zoommeetings

Photo / illustration : Shutterstock