Compliance with the General Data Protection Regulation
The General Data Protection Regulation (GDPR) came into force on 25th May 2018. As part of our preparations we are conducting due diligence on all suppliers with which we share individuals' personal data to make sure that they, and therefore we are compliant.
We would appreciate it if you could answer the following questions to help us do this:
What action are you taking to prepare for the GDPR?
What technical and organisational security measures do you have in place to protect personal data?
What policies and procedures do you have in place to protect personal data?
How secure are your systems?
Do you have any information management accreditation?
In addition, as you process personal data that we share with you, we need to create a contract to set out:
The subject matter, duration, nature and purpose of the processing
The type of personal data being processed
The categories of the data subjects
Our obligations and rights as the data controller
That the data processor (you, the third party/supplier) processes data only on the documented instructions of A.R.T.S
That the people who process the data are committed to confidentiality
That you take measures to ensure secure processing
That you will not engage another processor without prior written authorisation from the school, and that if you do so, that processor will also be bound by the same data protection conditions as are in your contract with us.
That you help A.R.T.S comply with requirements regarding the data rights of individuals (eg to access, delete or rectify data), secure processing, the reporting and communication of data breaches and the conducting of impact assessments where relevant
That you delete or return the personal data to the school at the end of your provision of services
That you make information available to us to demonstrate your compliance with the obligations in our contract, and allow us or a third party instructed by us to conduct audits and inspections.
Kindly confirm that you are willing to meet or speak with us to arrange the updating of our contract, and we will be in touch in due course.