Everything Dinosaur and GDPR

The deadline for compliance with regards to the General Data Protection Regulation (GDPR) is fast approaching.  GDPR is the European Union’s (EU) binding legislation for the protection of personal data.  The regulation will come into effect on May 25th, 2018 and Everything Dinosaur team members are making sure that we will be compliant by the due date.  Our plans are well advanced, having started our journey towards meeting these new requirements back in the autumn of last year.  We have also had a bit of a head start compared to many other organisations as Everything Dinosaur is already registered under the UK Data Protection Act.  We have always put our customers front and centre when it comes to our organisation and designing our business policies, this includes providing assurance and protection for data subjects, to use the vernacular, or as we say at Everything Dinosaur – people.

Sorting Out Consents to Meet GDPR Standards

Teaching and dinosaur workshop feedback form (GDPR).

Teaching feedback form with informed, specific and unambiguous consent.

Picture Credit: Everything Dinosaur

The first tangible changes have been prepared and embedded into our working practices.  Soon all the websites will be amended, but it is not just digital information that comes under this new regulation, good old-fashioned paperwork is covered too.

Take for example, our dinosaur workshop feedback form (see above), it has been changed to provide a positive, affirmative opt-in and it requests for consent in a specific and unambiguous way.  Under GDPR, permission for use of personal data such as identifiers like an email address or name has to be consented to.  This consent must be freely given, hence the changes to our feedback form.

 A Positive Opt-in Consent for Use of Data

Teaching Feedback Form (2018).

Teaching feedback form with specific, informed and unambiguous consent.

Picture Credit: Everything Dinosaur

The new feedback form explains how this data will be used by Everything Dinosaur.

The regulation will be in effect on the 25th May 2018 and it has been designed to deal with the inconsistencies within the current data protection laws that exist throughout the European Union.   GDPR aims to facilitate the secure, free-flow of data and provide enhanced protection for data subjects (individuals whose data is managed, processed, handled and stored).  It is very likely that the UK will enshrine the GDPR regulation into its own legislation.  Schools and other institutions will also have to ensure compliance, we suspect that many organisations will be working extremely hard to try and meet the May 25th deadline.