iSAMS Supports GDPR with New Data Protection Module for Schools

10th May 2018

The General Data Protection Regulation (GDPR) replaces the Data Protection Regulation and will come into effect on 25th May 2018.

The GDPR protects basic information such as name, address, ID numbers along with web data such as location, IP address, cookie data and RFID tags. It also protects health and genetic data, biometric, racial and ethnic, and political data. It will affect every school that stores or processes personal information.

iSAMS is pleased to announce the new Data Protection module. A solution developed to support schools in complying and simplifying the complexity of the new GDPR requirements, in addition to helping schools avoid being imposed with penalties and fines.

The iSAMS Data Protection module is being launched as a staged release.

Phase One of the staged module development is currently being rolled out to schools and sees the release of the Consent Management functionality.

This feature was identified by our client schools as being highly beneficial to have available in advance of the 25th May deadline.

Consent Management

The Consent Management area of the Data Protection module is split into four sections and offers the following:

Configuration

  • Create consent registers
  • Select the data subject type (s) to which it applies (Student, Contact or Staff)
  • Ensure valid fields are set such as ‘Valid From and Valid To’ dates (optional)

Manage by Data Subject

  • View and manage consents against a single data subject
  • Bulk apply consent against multiple consent registers to multiple data subjects

Manage by Consent Register

  • View and maintain both data subject consent against each consent register

Admissions Portal

  • Capture consent at the time of enquiry for applicants and associated contacts

Admissions Portal

The iSAMS Admissions Portal, which assists schools with managing the entry of applicants, has been updated with the Consent Management to support GDPR requirements.

Following research from iSAMS users and looking at industry trends, which sees more schools going paperless and taking their application processes online, iSAMS believed it was essential to introduce the capturing of consent from a prospective parent, as well as a current one.

This decision is aimed at reducing the administrative tasks involved when parents and their children join a school. It will also help to manage parental consent when communicating with parents during the Application/Admissions process, one of the GDPR requirements.

The Consent Management feature is available to existing iSAMS schools and any new school looking to migrate to the iSAMS MIS solution. The Consent Management feature works with both the Data Protection module and the Admissions Portal. But is noted that a school is not required to purchase the Admissions Portal to gain access to the Consent Management feature in the Data Protection module.

Further Releases

Additional features of the iSAMS Data Protection module will be the released over the coming weeks to support GDPR requirements. These include:

Data Subject Access Requests (DSAR)  due for launch w/c 21st May

  • An area to record DSAR requests against a data subject
  • It will include fields regarding the status of the DSAR, the date, and other key information pertinent to actioning a DSAR
  • It will also host a convenient location to execute the suite of DSAR reports in a single action

Data Breach Record

  • An area to record data breaches
  • It will include fields regarding the status of the breach, the nature of the breach and other fields pertinent to the handling of data breaches

Data Protection Audit

  • An area to execute and record the results of regular data protection audits
  • This area will have a series of questions for your data protection audit as well as fields to record DPA issues and actions

Data Protection Impact Assessments (DPIA)

  • An area to store the results of DPIAs
  • It will include fields to summarise the process being reviewed, the rationale behind the DPIA, the outcome of the DPIA as well as other pertinent fields

Erasure

  • An area to record Erasure requests
  • Includes fields such as the person, the date and the outcome

Privacy Notice

  • A simple area to configure a URL to your privacy notice
  • This will integrate with apps and portals to show a link to your privacy notice

Staff Training

  • An area to record when and what staff data protection training was undertaken
  • Data protection training topics/courses will be configurable with optional durations
  • On the overview page, upcoming expiring training for staff will be reported

It is the duty of a school to protect the personal data and privacy of students, parents, staff and teachers. The GDPR compliance may seem daunting and complicated to integrate, which is why iSAMS developed the Data Protection module.

This easy-to-use module will help simplify the complexity of the GDPR requirements by providing schools with the ability to:

  • Create, configure and manage consent registers with Consent management, including capturing consent from parents at the start of the Admissions process via the Admissions Portal.
  • Simplify the recording of information relating to any data breaches.
  • Access a centralised area for the recording of all erasure requests.
  • Record Impact assessments carried out.
  • Maintain a record of data protection audits carried out and their outcomes.
  • Maintain a comprehensive record of all DSAR’s from request through to completion.

Any Questions?

iSAMS looks forward to working in partnership with schools and third-parties to address and support the process of GDPR compliance. If you would like to learn more about the iSAMS Data Protection module contact iSAMS on +44 (0)1604 659100 or email [email protected]

Please share information about the Data Protection module with any colleagues or peers who are responsible for Data Protection, Security or Governance.