The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and is intended to unify the policies and strengthen the safety and security of all data held within an organisation.
- In regards to data subject consent, if a school finds that they are required to amend or remove a particular data-subjects data, the DPR already contains the necessary tools to carry this out
- Axle Education Ltd will now collect contact details of a schools Data Protection Officer
- Axle Education Ltd will honour requests from data-subjects to access their data and make corrections, and will also ensure to respond to these requests within 14 working days
- In the case of a data breach, Axle Education will inform the data-subject within 72 hours of the breach
- Internal policies for Axle Education Ltd staff have been updated to ensure GDPR compliance
We now provided a comprehensive list of data we collect from schools and also information on the justification of collection as well as details of retention period and storage mechanisms.
Visit https://dpr.education/permissions-list for more information.
What security measures does Axle Education Ltd have in place?
- Network firewalls in place
- User access control management - School administrators are able to manage all data stored on the DPR
- All logins by students and teachers are logged and available to school admins
- All decommissioned data is wiped securely in a way that the data is unrecoverable
- Encryption of all data in transit through SSL encryption
- Encryption of all data at rest
- Regular backups of the system and the ability to restore data in a timely manner in the event of a physical or technical incident
- Testing of the systems integrity, availability and resilience
- Access to physical data servers protected by multi-factor authentication
- Axle Education staff trained and vetted on GDPR regulation
- Data restricted to Axle Education Ltd staff on a need to know basis
We’ve updated our contract to now comply with the GDPR by including the following:
- Obligations and rights of the controller (school)
- Types of personal data collected and categories of data subjects
- Nature and purpose of processing data, as well as the duration of processing
We’ve carried out a comprehensive audit of the data we handle and how the data is processed and stored. For more information, refer to the audit document.
The document includes:
- The types of data we collect
- What personal data is stored
- How and why the data was collected
- Where the data is stored
- What security measures are in place
- Who has access to the data
- How we ensure the data is accurate and up to date
- How long we retain the data