Some FAQs about GDPR

PTAs Communications
22 April 2024
GDPR helps to protect the security and privacy of everyone involved in your PTA, from your volunteers to the children in your school. It can seem like a daunting subject, but in this blog we’ve answered some of your top questions on the rules.

GDPR, or the General Data Protection Regulation, helps to protect individuals and their data. It’s important that everyone in your PTA is aware of GDPR rules and follows them closely. But what are the need-to-know facts?

What is personal data?

GDPR protects personal data, which is anything that can be used to identify someone, such as:

  • Names
  • Email addresses
  • Home addresses
  • Phone numbers
  • Photographs, images and videos
  • Medical history
  • Dietary requirements
  • Age, and more

What data should our PTA have?

When you’re collecting people’s data, always think about why you’re doing it and what you’re going to use it for. Say you’re only planning on emailing parents about your PTA’s events: will you need their home address too? Probably not. This isn’t just about good housekeeping – if someone steals information you’ve stored but didn’t have a need for, the blame will fall not only on the criminal who stole it, but on your PTA as well.

Who needs to know about GDPR in our PTA?

GDPR is everyone’s responsibility, but you should have a member of your committee who leads on it. They won’t have to know absolutely everything about GDPR, but they should know the basics such as best practice, how GDPR affects your PTA and where to find out more information if it’s needed.

How do we protect the data we collect?

If you’re storing personal information digitally, help keep it safe by:

  • Setting a strong password to protect the device it’s stored on
  • Setting a strong password to protect files and folders containing PTA information
  • Changing passwords often, and always after a committee member steps down
  • Keeping antivirus software up to date
  • Only sending information through secure file sharing systems, like WeTransfer and Dropbox, rather than email

If you store information physically, it should be under literal lock and key and put through a shredder when no longer needed. And never leave data unattended for people to find, for example a list of volunteer names at an event.

Can the school share data with our PTA?

If your school agrees to share parents’ information with your PTA, the school is responsible for asking the parents’ permission before passing it on. You’ll then have one month to tell the parents how you’ll use it. The school should also have consent to share information about your PTA with parents (but this only applies to digital content, not letters). It’s good practice to have a written agreement with the school detailing what will be shared, called an ‘information sharing agreement’.

Do we always have to let people know what we’re using their data for? 

Yes. Be clear about this, and get their consent in writing – it gives you a record in case you need to prove you have their information for a legitimate reason. You need to provide information on what you’re going to do with their data, which is your ‘privacy statement’. The same rules apply to pupils, but a parent will have to give consent for them.

How long can we keep personal data for?

This depends on what it’s being used for. Your PTA will need to implement a policy on how long you’ll keep personal data for and when you’ll review it to make sure everything is accurate and up to date. You can share a Personal Data Audit with relevant members of your committee so everyone is on the same page. Check out our audit template as a starting point. 

What if we make a mistake?

For serious breaches of GDPR, you could be given a hefty fine. But the rules are clear and easy to follow – just remember to stay organised and read our GDPR guide on our website for all the information you need. 

Need more information? Log in to read our in-depth GDPR guide for members. You can also get in touch with our PTA Community Advisers for one-to-one support on 0300 123 5460 or by emailing [email protected].