3a) Understanding and engaging with legislation
Statements here should show how relevant legislation, has influenced your work. You are not expected to have expert knowledge of all of these areas, but are expected to be aware of how they relate to and impact upon your current practice. In the UK you would be expected to demonstrate how you work within the context of a relevant piece of legislation.
CMALT Guidance 2019
General Data Protection Regulation (GDPR)
I am mindful of the Data Protection Act 2018 and the GPDR and am highly conscious that personal data must be processed in accordance with some key principles :
- Personal data must be processed lawfully, fairly and transparently
- It must only be collected for specific purposes
- It must on be collected for what is necessary for those purposes
- It must be kept accurate and held for no longer than is necessary and retained securely.
Working within the context of GDPR and Data Protection
By way of a practical example, how I worked within the context of these legislator areas in my role as Manager and Professional Development for ALT and the Open Digital Badge Project.
I wanted to be able to issue open digital badges to ALT members and other people that attend some of our events. As such, I researched several different platforms to identify which platform would be the most appropriate to recommend to our board of trustees. Once I had identified my preferred platform ( Open Badge Factory) as part of the usual ALT workflow and practice, I determined that we would be using a new service provider which wasn’t covered by the existing data processing arrangements, and as we would need things like names, email addresses and evidence links etc, it was necessary to undertake a Data Protection Impact Assessment (DPA) in order to help identify and minimise the data protection risks as part of the project. The steps I took were :
- I described how we would collect, use, store and delete data and for what purpose.
- I had to identify the benefits of the new processing and what I wanted to achieve, I felt that badge earners would be able to receive, display and share their badges and use them to evidence skills and competencies in relation to their ALT activities. There would also be additional benefits including community social interaction between badge earners, adding value to the ALT membership offer. [📢CP4]
- I confirmed that the personal data would come from existing sources that we would normally collect during our usual business processes so that this would continue to be handled under ALT’s existing data and privacy policy. As part of the project, new processing of data would include the creation of badges on a third party badge platform (Open Badge Factor), limited to name, email and evidence links as appropriate. None of the new data processing was identified as high risk. I outlined the nature of the data which was limited to information available in the public domain and confirmed that as it related to CPD activities, it would be retained for as long as those activities were relevant or removed at the subjects request. I had to confirm that the individuals being awarded badges would have existing contact records stored in the ALT customer records system (CiviCRM) and therefore would be covered by existing data and privacy policies which include subject requests for the deletion / and or correction of personal data. In addition I noted that Open Badge Factory and the associated Open Badge Passport are certified by IMS Global which is responsible for developing the Open Badges Standard.
- I had to identify and assess risks in relation to the impact on individuals and in collaboration with the Chief Technology Officer determined that the overall risk was low.
- I researched the Open Badge Factory Privacy Notice and Data Processing agreement and included links to this within the DPA
- I completed the document and sought approval from ALT’s Data Controller (Maren Deepwell Chief Executive). The DPA was signed off in August 2020 and we entered into a relationship with Open Badge Factory for issuing our badges at ALT 💻CP2
Reflection
I found that doing the Impact Assessment really helped me to think long and hard about the impact on the end-user and identify and minimise the data protection risks. Although it is a requirement to do one of these for processing which is likely to be a high risk to individuals, I think it is really good practice to consider doing one of these for any major project that requires the processing of personal data so this is something I have taken forward into my practice. Update: While at ALT I issued more than 5000 badges to our members which were really well received (See Wakelet below )
Evidence
ALT Data Protection Impact Assessments and Privacy Policy
GDPR and Data Protection Certificates and Training
Wakelet Showing Happy ALT Members receiving their Badges
(Apologies that the Wakelet sometimes takes an age to load so here is also a quick screen shot just in case )
| Core Principles & Ethics | Key |
| A commitment to exploring and understanding the interplay between technology and learning | 🔎CP1 |
| A commitment to keep up to date with new technologies | 💻CP2 |
| An empathy with and willingness to learn from colleagues from different backgrounds and specialisms | 💗CP3 |
| A commitment to communicate and disseminate effective practice | 📢CP4 |
| Ethical Considerations | ✅Ethics |
CP1] A commitment to exploring and understanding the interplay between technology and learning.
CP2] commitment to keep up to date with new technologies.
CP4 ] A commitment to communicate and disseminate effective practice
Ethics] Ethical Considerations
You must be logged in to post a comment.