These four letters have been dominating the headlines over the last 12 months, with businesses of all sizes reviewing and redesigning their data processing activities to ensure they will be compliant by the deadline on the 25th of May 2018. We at HowNow have had GDPR T-shirts made so it’s always on the forefront of our minds (just kidding!).
So what is GDPR?
GDPR (aka General Data Protection Policy) is the EU’s data protection law that comes into affect on the 25h of May 2018. This law will be implemented throughout the EU and will impact all businesses operating within the union, driving more consistent approach to data protection. You can find out more information by visiting the Information Commissioner’s Office (ICO) website (https://ico.org.uk/for-
organisations/guide-to-the- general-data-protection- regulation-gdpr/)
How does it affect us at HowNow?
We have always taken data protection and confidentiality very seriously at HowNow. The new regulation means that we have to make a few tweaks to our existing data processing activities to be fully compliant. At HowNow, we are both “Data Controllers” and “Data Processors”. Data Controllers are businesses who decide why and how personal data is processed. Data Processors are businesses that process the data on behalf of the Data Controller.
So to all of our clients, we are “Data Processors” as we store and process data on their behalf. To all our third party software partners, we are “Data Controllers” as we instruct them on how the data is to be processed.
So what are we doing to be GDPR compliant?
We have carried out a full review of all our data processing activities – as both Data Controllers and Data Processors . As a result of this review, we have set in motion a number of actions, including:
As “Data Controllers”…
- As a result of the review, we have assigned a team to implement the changes to ensure that we are fully compliant
- We have contacted all of our third party software providers to ensure that they are working towards compliance or are fully compliant already
- We have appointed a Data Protection Officer, who you can contact at firstname.lastname@example.org
As “Data Processors”…
- We reviewed the data processing activities involved in our HowNow schools
- Based on this review, we are implementing changes that will help our clients be GDPR compliant
How does it affect you?
We want to make sure that our clients are GDPR compliant too. Running an online school/academy means that you will have your own clients, who share their personal data with you through our platform. As your ‘Data Processors”, we will ensure that we are GDPR compliant. As “Data Controllers”, you will need to ensure that you are GDPR compliant too.
What do you need to do?
- Review all of your data processing activities and identify potential areas of non-compliance using the ICO’s guidleines
- Implement the changes based on your review
- Review existing Privacy Policies and T&Cs
- Contact any other third party providers you use to ensure that they are GDPR compliant
We appreciate that this is a lot to take in but don’t worry, we will do our best to make this easy for you!