Final GDPR Checks

We have sent out detailed instructions to all user about preparations for GDPR within the TERMS MIS. This is a short article about the steps and changes that are necessary.

Purging old data
You are not allowed to retain data on individuals without good reason, such as for funding or audit purposes.

Generally speaking you should not have data that is more than 5 or 6 years old and your local GDPR policy may dictate that you should retain less data.

The removal of old data will involve a Purge process within TERMS. There is a special routine that needs to be ran and to ensure that it is not ran accidentally you will require a pin-code from ourselves. This can be obtained via the helpdesk.

The purge process will retain a determined number of years of data – e.g. 5 years’ worth – and administrative data prior to this will be removed. This means that old courses, receipts, room bookings, charges, enrolments, threads, attachments, etc. will be permanently removed from the system. This will leave old learner accounts without this related data.

Once this process is complete, each learner is checked individually and if they have not been active within the period to be retained – e.g. 5 years – and were not added to the system within that time then they will be deleted from the database.

Learners who were added to the system prior to the period that have been recently active within the period will not be removed.

This is an important step and should be ran on your TERMS system to ensure you are not holding data that you are not legally entitled to hold.

You must have a complete backup of your data and document storage prior to running the purge process.

If you are hosted with West March Systems then we will schedule purging directly with you.

Recording Contact Preferences
Within TERMS there are new options for the contact preferences of people, both for service use and for ESFA use.

Service use is your administrative use of their email address and texting contact number. This is recoded on the personal record.

Learner Agreements
When a new Learner Agreement is created within the system the recorded contact preferences are automatically added to the Learner Agreement and presented onscreen.

If the preferences are changed on the Learner Agreement then it will be recorded back with the other data as normal if it has not already been agreed.
This means the Learner Agreement can be used as a double check on any supplied documentation from the learner.

Study Learners and ILR builds.
Study Learner details are similar to Learner Agreements.

There is a formal ILR RUI and PMC section for the GDPR opt-in values and a DPA tab for backward compatibility with the opt-out preferences.

  • The ILR builds will take the GPDR opt-in values for the 18/19 Academic Year and onwards.
  • The 17/18 ILR builds will use the DPA options where present.

ILR returns for 2018-19
The new GDPR values will be used for all ILR survey builds within TERMS for 2018/19. There is an option available to map the old “DPA” opt-out options over to the new GDPR opt-in values, but this should only be used after consultation. If you want more information on this feature then please contact the TERMS support desk.

Please note that the “GDPR” options will not be used in 2017-18 builds, for those you must record the “DPA” options, see below.

ILR returns for 2017-18
The ESFA require returns for 2017-18 to still use the old “DPA” opt-out options. This means that any existing values will still be used and each input are of TERMS has two options for recording preferences – one for opt-in and one for the older opt-out.

Updating preferences via the Web
A learner may update their contact preferences via the Web. The main TERMS system can send out emails to each person that has an email address inviting them to record their preferences online.

Please note that this requires the Web Requester to be running on your system as well as the latest web updates.

Posted in GDPR.