Teacher Mantra for GDPR
is it LEGAL? is it LINKED? is it LOCKED? If in doubt: ASK or STOP is it LEGAL?
Do you need to gather, process, store, the information at all?
Is it key to your professional role?
Is it yours to process? Might #Consent be required? How sensitive is the data? What if you lost it?
Is there sufficient #Transparency in what you are doing?
is it LINKED?
Share Links to Data rather than the Data itself. Keep it in the Cloud. In an MIS. In a central repository. In a shared spreadsheet or document. Not as an attachment. Not on paper. Not in a local spreadsheet. Not on a local drive. Not on a memory stick.
is it LOCKED?
Lock documents. Lock data stores. Lock cabinets. Lock screens. Lock doors. Lock phones.
Change passwords regularly. Keys.
Consider DualFactor authentication. Biometrics.
Data should either be locked away or clearly published. Don’t destroy data if you have the master record unless this is your policy for that type of document.
See the full thread here.