Chapter/Locale: United Kingdom
All things relating to the UK A4L Community.... don't forget to check out the blogs on the global/locale Communities too! | Global: http://www.a4l.org/blogpost/1546358/Chapter-Locale-Global | Australia: http://www.a4l.org/blogpost/1545371/Chapter-Locale-Australia | North America: http://www.a4l.org/blogpost/1545399/Chapter-Locale-North-America

 


Are you ready for GDPR?

Posted By Penny Murray, Friday, September 29, 2017
Updated: Wednesday, September 27, 2017


In May 2018 the General Data Protection Regulation (GDPR), a new European Union-wide data protection regulation, comes into effect.  If you are an organisation with offices and/or customers in the EU, even if you are a U.S.-based company, you have to comply with GDPR.  If your business is affected, you will need to start thinking about compliance now.

 

The GDPR principles

The GDPR principles are similar to those in the Data Protection Act (DPA), with additional detail, plus a new accountability requirement.  The GDPR requires you to show how you comply with its principles, for example by documenting what decisions have been taken about a processing activity.

In abbreviated form, Article 5 of the GDPR requires that personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to individuals;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Article 5(2) requires that:

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

 

Lawful processing

(taken from the ICO website)

For processing to be lawful under the GDPR, you need to identify a lawful basis before you can process personal data. These are often referred to as the “conditions for processing” under the DPA. It is important that you determine your lawful basis for processing personal data and document this. This becomes more of an issue under the GDPR because the lawful basis for processing has an effect on individuals’ rights. For example, if you rely on someone’s consent to process their data, they will generally have stronger rights, for example to have their data deleted.

The GDPR allows member states to introduce more specific provisions in relation to Articles 6(1) (c) and (e):

“(c) processing is necessary for compliance with a legal obligation”;

“(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

These provisions are particularly relevant to public authorities and highly regulated sectors.

 

For EU and UK end users:

Don’t just accept that systems you have in place that provide data exchange between software applications are lawful – ASK QUESTIONS of your suppliers and Data Managers as YOU will be responsible.

Ensure your providers know that “SIF certified” applications can provide you with additional features to ensure you are legally protected (including data encryption at source and between applications; as it is a routing mechanism, there is no data storage functionality unless architected into your solution, with your knowledge/agreement.) 

 

For more information on security features included as standard in the SIF 3 Infrastructure Specification, please CLICK HERE.

 

Additional reading: Government to strengthen UK data protection law

 

 

Call for Volunteers

Posted By Penny Murray, Thursday, August 31, 2017
Updated: Thursday, August 31, 2017


Now the kids are on the way back (or already are back) to school, there are a number of groups looking for additional volunteers to kick-start the new term - could you help? If you are interested in any of the following groups, please go to the group page and 'Join Group' or contact Penny Murray:

GLOBAL GROUPS:

  • Marketing: The initial focus for this group will be on ensuring that the Vendor Marketplace is providing the correct level of value-add for membership. In addition, this group will be looking at several marketing strategies and collateral pieces being prepared for publication. We anticipate calls will start mid-September, so register your interest and join the group today: http://www.A4L.org/group/Marketing
  • Data Privacy: This group is currently focussing on 'implementing privacy controls'. Interested? Then join this group today: http://www.a4l.org/group/DataPrivacy
  • Identity: Anyone interested in Identity Management should contact us to get involved!
  • Infrastructure: We are always looking for additional international Community Members to add to this group, ensuring that the Infrastructure Specification stays firmly positioned for the global marketplace. Join the group today: http://www.a4l.org/group/Infrastructure


GLOBAL NETWORKS:

These groups are slightly different from our traditional 'working groups'. Network groups are less formal and endeavour to bring together like-minded people for wider discussion and networking opportunities across Communities.

  • Open Source Developers: Interested in Open Source? This group is currently looking at the CEDS NDS Adaptor, but will be moving onto wider topics shortly. Join this group today: http://www.a4l.org/group/OpenSourceDev
  • End Users Data Integration: We all have to find the best way to integrate data between applications, whether we are using a SIF interface or another. This is the place to contact other data integrators, whether you work for a school district or support one as a consultant or product vendor. The purpose of the group is to share expertise with integration products. We want this to be a product-agnostic site – product vendors are our best integrators; share your tips and tricks, but please don’t advertise on the site. To get involved: http://www.a4l.org/group/DataIntegration
  • Open Strategic Collaboration: The Open Strategic Collaboration Network has been established to provide a forum for A4L Community Members to discuss external standards and consider their inclusion in the SIF Specification. This group is open to all members of the global A4L Community. Join the conversation here: http://www.A4L.org/group/OSCN

For more information on how to join a group, please go to: http://www.a4l.org/page/GettingStarted

