GDPR Update May 2018

CPOMS and GDPR

The General Data Protection Regulation (‘GDPR’) comes into effect on 25 May 2018 and relates to the processing of personal data whether by automated means (i.e. by computer) or non-automated, for example paper-based files.

CPOMS Systems Limited (CPOMS) is committed to maintaining compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR).

CPOMS Current GDPR Position

CPOMS is registered with the UK Information Commissioner’s Office both as a Data Processor for our customers’ data and as a Data Controller for our own company’s data. We are also accredited for both ISO 27001 and UK Government ‘Cyber Essentials’ which are reviewed each year. We also subject our systems and networks to regular independent penetration testing to ensure the security of our schools’ data.

We also hold the UK Government’s ‘Cyber Essentials’ certification, against which we are independently audited on an annual basis.

Following our own assessment and the independent inspections that we have undergone, we are confident that our systems and operations are fully compliant with current Data Protection Act legislation and that we are already compliant with the GDPR.

Steps we have taken to achieve compliance

  • Full awareness programme for all CPOMS personnel
  • A review of the impact of GDPR on our customers and our own staff, systems and procedures
  • Working with our suppliers to ensure that their GDPR compliance projects underpinned our own
  • Commissioning of a new customer contract and Service Level Agreement (SLA) to meet the requirements of GDPR. This is currently being sent out to all our customers
  • Provision of a new GDPR compatible End User Licence Agreement (EULA) to each of our customers under the terms of which they authorise our data extraction processor to provide CPOMS with the appropriate schools’ MIS data
  • A full audit of historical customer contact data, contacting schools to gain their consent to retain such data or to delete where appropriate

Our Senior Information Risk Officer (SIRO) is Tony Wild, Executive Vice Chairman. Tony has Executive Board responsibility for all CPOMS security and data protection arrangements.

For further information please contact us at gdpr@cpoms.co.uk