EduCare and the General Data Protection Regulation (GDPR)
On May 25th 2018 the new General Data Protection Regulation (GDPR) comes into force. For some time EduCare has been working with an external GDPR expert consultancy to ensure we are GDPR compliant well ahead of its introduction.
Please see the below questions to help answer some of the most common GDPR enquiries we receive.
Is EduCare compliant with the GDPR?
We will be compliant and we are taking all the steps necessary to ensure that it happens prior to May 25th 2018. We have an internal working party that focuses on each step and monitors our progress towards GDPR compliance. We are, of course, fully compliant with the current law, the Data Protection Act 1998.
What steps have been taken to comply with GDPR?
We have analysed all the data that comes into our organisation (data mapping) and how we protect it. We are updating our internal systems and processes as necessary and have ensured that 3rd party suppliers are GDPR compliant or are working towards it. We have already updated all of our internal policies regarding the information we hold to ensure it is fully protected and compliant. We are also working towards external accreditation, called Cyber Essentials Plus, to reassure customers we take their privacy and security very seriously.
EduCare will provide a Service Level Agreements (SLA) for customers detailing:
- the subject matter and duration of the processing;
- the nature and purpose of the processing;
- the type of personal data and categories of data subject; and
- the obligations and rights of the controller.
Do EduCare store data outside of the EU?
We process some data outside of the EU. Our Learning Management System stores data with Amazon Web Services (AWS) and they meet the EU-US Privacy Shield framework adopted by the European Commission. This complies with data protection requirements and GDPR legislation when transferring data outside of the EU. For more information, please see here.
What type of personally identifiable information does EduCare process?
For your customer account we process your name, email address and organisation details, including the organisation’s name, address and telephone number. With regards to customer’s employees who are undertaking training, we process their name and email address only. We do not request or store any sensitive data about our customers or their staff.
This statement will be updated regularly as our progress continues.