The Right to be Forgotten is one of the many changes that are becoming law around personal privacy. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive 95/46/ec effective May 25, 2018. This applies to any state in the EU. Many other states and countries worldwide are also adopting more stringent privacy laws to protect personal information and give individuals the right to control what information they have in online services.

 

 

In response to these new laws, Studio Pro has several tools in the system to meet the requirements set forth by the new regulations. 

 

Parents can hover over their name in the upper right of the Parent Portal and will see the menu option for Right to be Forgotten.  

 

The next screen will show a Forget Me button they can click. This will send an email to the studio owner with information on who submitted the request.  It is up to the studio owner to process the request. 

 

 

1.) You need to know the privacy laws in your area. Depending on the laws of your country and state, you may or may not have to comply with the request.

2.) Verify that this person does not owe you any money. You are not required to process this request until all financial obligations have been satisfied. This includes tuition, account balances, and sales orders.

3.) Do not delete the Parent and Student records. This could impact your revenue reporting. You should change the first and last names to something not personally identifiable. An example would be to change the parent's name to First Name: "Forgotten" Last Name: "Parent" and for the students of that parent: "Forgotten" "Student"

 

4.) You also need to remove the email addresses, physical addresses, medical information and phone numbers for the students and parents. Remove any information that you have collected that would be deemed personally identifiable.  Again, do not simply delete the parent and student records. 

5.) If you have used other services that you have exported or synced the parent or student's data to for communication, you will need to remove their names from that information. Examples would be marketing services like MailChimp and Constant Contact. 

6.) Once you have complied with the request, you must notify the person making the request that you have complied with their request.