GDPR

GDPR for Schools & Businesses Q&A

Answers to some questions you may have about GDPR

Updated: 04/18/2018

So why is GDPR being introduced?

GDPR is the new update to the Data Protection Act (1998) and is really designed to restrict the number of breaches of personal data. To fully understand GDPR, it helps to know how personal data is defined:

“Data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

Information Commissioner’s Office. 2018. Key definitions of the Data Protection Act. [ONLINE] Available at: https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/. [Accessed 18 April 2018].

So what does that mean in English?

Our interpretation and understanding of GDPR is that it’s a way to stop data being accessed should a breach occur, and that as an IT Service Provider, we have to take steps to work with you as our customer to:

  1. Prevent breaches, or
  2. If a breach occurs, ensure that data is not accessible

We can provide guidance and policies for what you as a customer need to do, but ultimately, your data is your responsibility.

Are our backups encrypted?

Quick answer: yes!

If you currently have an online backup system in place (for the SIMS System), the data is held securely at multiple data centres, and the company we use is a government-approved supplier for Education and meets all the requirements for GDPR.

If you have any servers that back up locally to a tape drive, those backups should also be encrypted. We will be checking all the servers in your schools to ensure that this is the case.

Is our server encrypted?

Not yet! We will be working to encrypt the data partitions on your servers during the May half-term. Once that procedure has been completed, your systems will be using BitLocker, Microsoft’s built-in encryption standard.

Please be aware that this may have a performance impact on the older servers that are still in use due to the nature of how encryption/decryption works. Any server less than about 2-3 years old should be fine.

Are any of our laptops / computers encrypted?

Probably not … yet!

Encrypting a laptop can create a massive strain on the hardware, depending on the age of the machine. If the user doesn’t keep any personal data of either themselves or anyone else, there’s not a requirement to encrypt it.

There are various pieces of encryption software available. The most common one, BitLocker, is already built into Windows itself, so it’s a case of simply enabling the option. Encrypting a machine can take up to 24 hours, but it is generally a simple process: set it up and leave it.
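Because encryption can take up to 24 hours and can be left suspended afterwards, it is worth confirming the end state on each server and laptop rather than assuming it. The following is an added example, not TP Systems' own script; it uses the `Get-BitLockerVolume` cmdlet that ships with Windows, and the finding labels and the rule that every volume should have a recovery password are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: report the BitLocker state of every volume on this machine.
# On Windows Server the BitLocker feature must be installed for the cmdlet to exist.

function Get-EncryptionFinding {
    param([Parameter(Mandatory)] $Volume)

    # Nothing on the disk is encrypted.
    if ($Volume.VolumeStatus -eq 'FullyDecrypted') { return 'NOT ENCRYPTED' }

    # Encryption (or decryption) is still running or paused part-way.
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        return "IN PROGRESS ($($Volume.EncryptionPercentage)%)"
    }

    # Fully encrypted, but protection is suspended, so the key is exposed on disk.
    if ($Volume.ProtectionStatus -ne 'On') { return 'ENCRYPTED BUT PROTECTION SUSPENDED' }

    # Assumed policy: a recovery password must exist so data is not lost with the key.
    if (-not ($Volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        return 'ENCRYPTED, NO RECOVERY PASSWORD'
    }
    return 'OK'
}

$report = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        MountPoint = $_.MountPoint
        VolumeType = $_.VolumeType          # OperatingSystem or Data
        Method     = $_.EncryptionMethod
        Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
        Finding    = Get-EncryptionFinding -Volume $_
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or RMM tool flag the machine.
if ($report | Where-Object Finding -ne 'OK') { exit 1 }
```

Run it from an elevated PowerShell session on the machine being checked; any row other than `OK` means the data on that volume cannot yet be treated as protected if the device is lost.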

If you want your laptops encrypted, we anticipate this would need a few extra days’ support at £450 per day. Just be aware that there will be a massive hit on the performance of the machines that are encrypted, so you need to let staff know and ensure that laptops are not over three years old.

Are our e-mails encrypted?

At the moment, no. However, we can do this for you.

It’s not recommended to encrypt all e-mails that are sent out, as it radically changes the way e-mails are viewed on your system. When you send an e-mail, the recipient receives a message stating they have received an encrypted e-mail. They then click the link, which takes them to a secure Microsoft website where they log in with a Microsoft Account, and then they can see the e-mail. We appreciate you may want to send some e-mails encrypted (certainly not all of them), so we can set this up so that when you add the word ENCRYPTED, SECURE, CONFIDENTIAL (or a word of your choosing), the mail is encrypted.

There is no cost for us to set this up for you; all you have to do is log a call on our helpdesk.

For businesses, there is a cost involved which works out at £1.50 per user per month to enable the option on Office 365. Please contact us for more details.

Do you store any of our data?

No, we don’t. The only data of yours that could be off-site is the backups. These are not stored on our servers, as they are held by a government-approved agency for education.

What about using Memory Sticks?

We always recommend using a cloud-based solution such as SharePoint, Dropbox or Google Drive to transfer files to other colleagues, as this is a more secure method. However, you can still use USB memory sticks, and you don’t even need to purchase encrypted ones.

We can send you some documentation on how to download and install a small piece of software to encrypt your memory stick, ensuring that it will always ask you for a password when accessing the contents. The memory stick will be encrypted as well, meaning that no one can access the data if you lose it.

Contact us for more information.

The content of this web page is a commentary on GDPR, as TP Systems interprets it, as of the date of publication.

As a result, this content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organisation. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.

TP Systems MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION ON THIS WEB PAGE. This CONTENT is provided “as-is.” Information and views expressed in this web page, including URL and other Internet website references, may change without notice.

Do you have a question that’s not listed here? Just contact us below and we’ll do our best to answer it for you.