GDPR becomes enforceable from May 2018, and whilst many of its main concepts and principles are much the same as those in the current Data Protection Act (DPA), it also introduces a number of new, more stringent data protection rules with which we must all comply.
Groupcall Limited already fully complies with the DPA, is ISO 27001 accredited, and has had all of its products accredited on the UK Government G Cloud Frameworks for several years.
However, we need to review everything we do to ensure we fully comply with GDPR and all the data protection requirements it brings.
We have started this GDPR compliance process already:
- Our Senior Management Team are fully aware of the new GDPR regulations and the impact this is likely to have on both Groupcall and the education industry in general
- We have appointed a Data Protection Officer who is suitably qualified and experienced in this area
- We have made all our staff aware of the new regulations and what this means to us through GDPR awareness sessions
- We are conducting an audit of all personal data we hold or process, including where it comes from and who it is shared with
- We are reviewing the legal basis for all personal data processing to ensure we are compliant and to ensure that, if required, we have the appropriate consent in place
- We are reviewing and updating our policies and procedures to ensure that we comply with all the rights of individuals under GDPR including processes for secure data deletion, handling Subject Access Requests etc.
- We have for several years ensured that we have data protection by design throughout our processes and we continue with this. We are also conducting new Data Protection Impact Assessments across the company
We have made a good start on our compliance with GDPR and will be fully compliant well in advance of May 2018.
In addition, we believe that our customers – schools, Local Authorities, Multi Academy Trusts etc. – need assistance in becoming GDPR compliant themselves, and to that end we are holding a series of GDPR training courses. These are for their staff, to help them understand GDPR and, in particular, what impact it will have on the world of education.
Finally, together with some of our partners, we have developed a GDPR compliance toolkit, GDPR in Schools (www.gdpr.school), which will help schools, academy trusts etc. through the compliance process, as well as enabling them to monitor their own and their suppliers’ compliance with GDPR in a simple yet effective way.
We believe that compliance with GDPR will help to strengthen and unify data protection rules across Europe and will undoubtedly help protect the vast amounts of personal data that are processed in the education industry.
Becoming fully compliant with GDPR is not simply an aim for Groupcall, but a commitment through which we will protect all personal data we process in the best way possible at all times.
Data Protection Officer