GDPR and its impact on my editing and proofreading service
Posted on 9th May 2018
I have previously written about how I am ensuring my proofreading service is GDPR compliant but I was recently slightly flummoxed by a query from a potential client and I thought it would be interesting to share this with other clients, editors and proofreaders.
For most of my work, a client is the author and/or owner of the information I am working on, meaning that if they contact me and send me their files, then they are explicitly choosing to do this. They will be asked to agree to my Ts and Cs, will have access to my Privacy Policy and will have the chance to ask me any questions they wish.
However, the query I had was from a teacher wanting to get some school reports proofread. By this, I mean the sort of end-of-term reports where parents are told if their children are focusing hard or if they 'could do better'!
Obviously the teacher will be the writer of the text, but the data within will relate to pupils, who haven't given consent (or their parents haven't given consent) for their data to be passed to me.
The teacher's question was whether if she removed all the names/identifiers, would she be able to send the reports to me to be proofread?
I have to admit this isn't something I'd considered, and it led to me asking around, with responses from friends who are editors, lawyers, teachers and someone who's working in the GDPR field.
The general consensus was that if the files retain ANY personal data, explicit consent would be required from the parents. Needless to say, this would be required in addition to the school and me being GDPR compliant. In my experience though, the schools I have worked with didn't want the parents knowing they'd outsourced this, so I doubt they would want to ask for the explicit permission for the data to be shared with an external proofreader. And of course if you have a few children whose parents don't agree, then there's extra admin in separating those out.
I am in no way a specialist, but looking at the details and bearing in mind that this is data about children, I do not think there would be a "legitimate interest" argument for sending this data externally.
But if the data is anonymised, the value of using a proofreading service is seriously reduced. In the past when I have proofread files such as these, I saved the client plenty of embarrassment by picking up on typos in people's names. I know of other people who worked on school reports who picked up on erroneous instances of she for he (and vice versa). If we strip out so much of this personal data (especially if it is potentially sensitive data), is there much value in this specific proofreading service?
Then of course we have the issue in the school re-inserting that personal data, and the issues that might arise, not just with typos but perhaps putting the student's name in the wrong report.
I contacted a head teacher I know with the following:
I think that with the new GDPR rules, it will be very difficult for me to proofread any school reports (or similar) in future – they'd need to be fully anonymised, or have explicit consent from parents, and I think both of those options would render the external proofreading more time-consuming than it's worth.
To the above, the head teacher just replied:
You are spot on!
Based on all of this, my instinct is that if a school really needs to get external proofreading help on their reports, the proofreader will need to go in-house and use the school's equipment and secure data servers; after all, the admin school staff will have access to this data, and the parents will no doubt have provided consent for this when enrolling their children at the school, so I would imagine that with some confidentiality clauses or short-term contracts in place, this would be fine for a proofreader.
Also, because the data is about children and will potentially include sensitive data, even if there are loopholes or ways around GDPR, I believe it's too big a risk for schools to take; using an external proofreading service was a time-saving luxury for my old client (her words), not an essential. The new GDPR Subject Access Requests (a bit like FOI requests) mean schools would have to disclose information about anyone they have shared any data with if a parent asked and as mentioned, I don't think schools want parents to know about this. All of this combined means I don't see schools wanting to outsource the work now.
If you're a teacher and in despair at having to proofread your own reports, you might want to look at some technical assistance (though do watch out for plug-ins or online services that claim rights to your work.
If you want general consistency on all your files and a few bells and whistles added on to a standard spelling checker, why not try the free trial of PerfectIt. If you know you often make the same errors, you can add these to your own style sheets; though setting these up might take a bit of time, you could do that when you've got a quiet spell (do teachers ever have those?!) and then save time when you have a big batch of reports to write.
Or if you fancy using macros, I would definitely recommend using Paul Beverley's Propernounalyse macro, within his Starter Pack. This searches through files for all the proper nouns and highlights any inconsistencies, thus helping to spot typos in names.
Asking other teachers to proofread the reports might also work, though of course you'll have to reciprocate and that isn't saving either of you time. That said, if you use base phrases that you add names and details to and then cut and paste those into each of the reports, you could ask a colleague to check those, or send those out to a proofreader as there will be no identifiers within.
None of these options replace a thorough proofreading service but if it's not possible to outsource the work, then some assistance is better than none.
Written by Kate Haigh.