The General Data Protection Regulations (GDPR) apply to any person or organisation that collects, processes, stores or shares personal data about individuals.
Under the regulations people own their own data and other people are not allowed to collect, process, store or share personal data without permission. They must explain why they want to collect the data, what they are going to do with it, how long they keep it, how they protect it, and how they will safely dispose of it. If they hold any personal data, for which they do not have permission, they need to get permission or dispose of it.
A Data Controller is any person with responsibility for acquiring personal data and determining the purposes and means of the processing of that data under the terms of the General Data Protection Regulations (GDPR).
A Data Processor is any person who manages, modifies, stores, or analyses personal data on behalf of, or in conjunction with, the data controller.
In the case of limited companies and other organisations, there must be a named person with responsibility for ensuring compliance. For Team Teach Ltd the Data Controller is David Millard, Group Compliance Director.
Team Teach Ltd is entitled to collect data, for example in order to comply with contractual obligations, to comply with other legal requirements and in the pursuit of its legitimate business interests. Wherever possible we want to obtain the consent of course members to enable us to do this.
It is important that course members understand that we cannot provide certificated training unless course members agree to provide the necessary information in accordance with the regulations.
For that reason, we have changed some of the forms we use in order to comply with the regulations. We also provide information on the Team Teach website in the form of a Privacy Notice. Compliance with GDPR is a contractual obligation for anyone providing Team Teach training. It is part of the Team Teach Code of Practice, and part of all Area Operating Licences.
The regulations apply to self-employed individuals, companies and organisations.
Trainers collect and share personal data with Team Teach Ltd in the form of Summary Evaluations, so they may be regarded as Data Processors. They have a legal duty to make sure they obtain consent, protect the data, do not use it for any other purpose and safely dispose of it after seven years.
Employer Trainers are operating on behalf of their employer. Their employer must comply with GDPR. Employer Trainers need to know who their employer’s data controller is and ensure that they comply with the regulations. They need to retain individual course evaluations and their own training records for a period of seven years. This is to enable them to provide ongoing support to course members, to ensure that refresher schedules are adhered to, to enable performance management, and to provide evidence of training to employers, regulators, investigators and the Courts should they be required. Thought needs to be given to how the data is stored, secured, protected and safely disposed of after seven years.
When trainers complete the Summary Evaluation Form they are signing an undertaking to comply with GDPR and protect all related data.
Commercial training companies who deliver Team Teach training under licence must have their own Data Controllers. They are responsible for ensuring their own GDPR compliance. Individual trainers have the same responsibilities as Employer Trainers.
In small companies they may be the Data Controller, in the case of the data they retain and Data Processors in relation to the data they forward to Team Teach. They need to ensure compliance with GDPR themselves. They might find it helpful to use the Team Teach Privacy Notice as a model, before reviewing their current systems and writing their own Privacy Notice. When trainers complete the Summary Evaluation Form they are signing an undertaking to comply with GDPR and protect all related data.
Self-employed trainers will also need to ensure they comply with GDPR. They will be the Data Controller in the case of the data they retain and Data Processors in relation to the data they forward to Team Teach, in which case they need to ensure compliance with GDPR themselves. They might find it helpful to use the Team Teach Privacy Notice as a model, before reviewing their current systems and writing their own Privacy Notice. When trainers complete the Summary Evaluation Form they are signing an undertaking to comply with GDPR and protect all related data.
The only difference for Principal Trainers is that they collect more data on behalf of Team Teach Ltd. In addition to the signing-in forms and summary evaluations, they forward course registration documents.
Moderators operate as Data Processors. They are not required to keep personal data on behalf of Team Teach. As part of their moderation duties they may make notes which include personal data. Those forms are forwarded to Team Teach Ltd.