Netmedia has been prepared for the General Data Processing Regulations (GDPR) law changes, which become enforceable on 25th May 2018, for some time.
Customers should note that it is business as usual when it comes to the Parents’ Evening Booking System and GDPR, but might want to make sure that they themselves are compliant. Do you need to get consent from parents to share their data with third party education software tools like ours, for example?
In terms of our compliance, the only major change from the Data Protection Act is that as a “data processor”, Netmedia’s responsibilities grow in a legal sense. In truth we have always assumed a high level of responsibility for customer data, and acted in a way that made us GDPR compliant before we were required to be, but it may be worth noting that we have recently added extra security layers to our servers’ encryption and protection (something we would be doing regardless of GDPR, as technology advances).
We are of course registered with the Information Commissioner’s Office, reference ZA168073.
Your contact with Netmedia will not change, nor will our Terms and Conditions, before or when GDPR comes into force. If anything changes on this front we will write to all customers ASAP. We anticipate we will issue schools with an updated Data Protection Policy in the near future, which will explain that by using us schools are consenting to share the required pupil, parent and teacher data with us for the purposes of running parents’ evening booking online.
If you are seeking specifics, please note that below are the individual policy documents which detail our compliance:
If you are interested in where we store your data, we use Amazon AWS’ EU servers, which are in Ireland. This prevents physical access data breaches.
Amazon AWS is an extremely reputable and well-known cloud server brand, one which carries with it a very high level of security, and their credentials are readily available. Only our server admin, who has his user access via a fixed/static IP address, has access to the servers, database and customer data. He has a career without blemish.
We run an automated database image backup daily.
Finally, in line with the Data Protection Act and GDPR, we have a Data Retention Policy (linked above) which states that data is only held for as long as it is required, and only used for the purposes which are outlined in our Data Protection Policy. When customers (schools) end their subscription with us we will delete their data on their behalf in the event that a school has not deleted their own data.
In terms of our own security information, we encrypt your school’s data both while it is in transit and at rest. We also use a 2048 bit Secure SSL connection for access by parents, teachers and the school. Provided schools keep their login information secret, your data is very safe.
Netmedia and Amazon AWS staff are subject to both pre-employment and on-going background checks for social security; criminal convictions; the Office of Foreign Asset Control list; the Bureau of Industry and Security list and the Office of Defence Trade Controls debarred list. New hires are also subject to education history and employment history checks. Contractors and others who may have access to customer authored data are subject to these same checks. Staff are also trained on legislation changes by our company lawyer.
If you have any specific questions related to GDPR that are not covered here or in our above policies, please feel free to contact us at: firstname.lastname@example.org.