The General Data Protection Regulation (GDPR) policy has been approved by the European parliament in 2016. This is the most significant change to the current data protection policy in the last 20 years.
The new regulation is designed to enhance individual’s rights to data and also unify data protection policy across the EU.
Webanywhere has been committed to data protection since inception in 2003. With the new GDPR policy coming into place, Webanywhere will provide support to clients in this transition. There remains huge potential in learning technologies to improve education outcomes.
Our commitment to you
Webanywhere is currently compliant with data protection law and therefore GDPR is not a substantial step. Our software and technical solutions are designed with data protection at the core.
As part of the new and current data protection regulation, Webanywhere is defined as the data processor. Therefore, we are compliant with current data protection policy and we will be complaint with the GDPR policy well in advance of the May 2018 deadline.
Webanywhere’s commitment to GDPR and what you can expect:
- All your data to be secured safely
- Guidance with documentation to inform your users about GDPR
- Provide a new contract for you which will cover GDPR policy
- Give you support as required
What does GDPR mean for you?
Our clients are already making proactive steps towards GDPR compliance. As part of this, we recommend that you assign a team to focus on compliance within your organisation. It’s important to note that whilst Webanywhere is the processor of your data, under GDPR, you also must have processes internally which refer to how you manage data. We recommend you assess your situation and seek legal advice.
GDPR requires you to:
- Assess your current use of data under the new GDPR policy
- Understand and document the processes and procedures under GDPR for your organisation
- When acquiring new software, provide a Data Protection Impact Assessment (DPIA).
- Ensure data security and be able to demonstrate how you provide this security which includes retention of data
- You should aim to appoint, if you haven’t already done so, a Data Protection Officer. It’s important that this person is impartial. Therefore we recommend this person doesn’t sit on your Senior Leadership Team or company board
- In using a 3rd party provider like Webanywhere, ensure that we are compliant with GDPR as the processor of your data
- Individuals have stronger rights under GDPR, therefore be prepared for data subject requests and being able to assess their validity
- Be prepared for individual data requests, for example, this could be from users who have left your organisation. If your users are young, you may also have requests from parents
Webanywhere has a dedicated data protection officer, if you would like more information you can contact us at firstname.lastname@example.org or call 0113 3200 750.
We have also produced a free white paper about GDPR, if you would like a copy - please let us know.
For any commercial or contractual matters please contact your account manager.
For specific GDPR requests, please use the Webanywhere helpdesk to raise a ticket.