May 25 2018 sees the introduction of the General Data Protection Regulation (GDRP), which will introduce new measures and improve existing ones designed to protect personal data. As a subcontractor, Teach on Mars is responsible for processing and safeguarding the data of its clients, and as such will be deploying specific procedures and tools to ensure compliance for itself and those clients.
Tanguy Deleplanque, Chief Operations Officer at Teach on Mars, takes a few moments to update us on how the work is progressing.
1/ How do you maintain your record of processing activities at Teach on Mars ?
Data processing activities carried out within the framework of operation of the Teach on Mars solution are documented in compliance with the recommendations of the CNIL (Commission Nationale de l’Informatique et des Libertés, the French national agency regulating data protection).
This means that for every processing operation, we record:
- Name and contact details of the processing agent
- Reason for the processing
- List of the personal data collected
- Location of the data storage
- Duration of the data archiving period
We make this document available to the client to enable him to provide proof of his compliance with the Regulation.
2/ At what point in the process does the Teach on Mars solution deal with user consent?
Every user must give his or her explicit consent prior to any data collection operation.
The Teach on Mars solution already includes a functionality that requires the user to consent to the collection of personal data before he or she enters the App. For GDPR purposes, this function will be used to present the Personal Data Charter and have the user formally accept it.
A specific update of Ganymede (the latest version of the ToM software) which is planned for release before GDPR comes into effect in May will introduce the systematic logging of this user acceptance in the database so that the client will be able to provide full user consent logs if necessary.
If you are already a Teach on Mars customer we encourage you to prepare your personal data Charter as soon as possible. Your Teach on Mars Project Manager can provide you with a full list of all personal data collected by the platform so that you can indicate them to your users.
3/ What about personal data deletion and portability rights for Teach on Mars customers?
The Mission Center already features a specific tool enabling a given user and all his or her personal data to be deleted on demand, and another for exporting these data in structured format for portability purposes. To guarantee complete compliance, we’ll also be implementing a mechanism to disable a user and then delete him/her and all corresponding personal data.
4/ And what happens if there’s a breach of data confidentiality?
In the unlikely event of us suffering a data breach despite all our efforts and specific security and confidentiality measures, Teach on Mars is implementing procedures to ensure that all concerned parties will be informed of the breach as quickly as possible – the customer, the processing agent, the CNIL and the users impacted. These procedures will be monitored by the Teach on Mars Data Protection Steward, who will be appointed in the very near future.
In the meantime, please feel free to contact us with any questions on GDPR and its impacts and ramifications on the dedicated email address privacy@teachonmars.com.
In charge of solutions’ production, Tanguy has worked in the digital learning for almost 10 years. Co-founder and head of the production at Teach on Mars, he manages the production of the applications and the methodology.