As the General Data Protection Regulation (GDPR) implementation date – 25 May 2018 – looms large, we’re finding more and more schools asking for advice on the subject. One area in particular is around the transfer and storage of data outside the EU.
One of the requirements under the GDPR is that the transfer of data must only happen to countries with adequate data protection laws, of which the US is not one, and for those schools using US based cloud providers or suppliers this has been a concern.
However, last year we saw the implementation of the EU-US Privacy Shield – a framework which allows US companies to meet the requirement of the GDPR. The first annual review of the Privacy Shield took place last week between EU and US officials who have stated their support for the framework, and commitment to ensuring continued improvements to the agreement.
More and more companies are signing up to Privacy Shield , including Survey Monkey, Google and Microsoft. You can view the Privacy Shield certification for these companies in the links below.
With GDPR allowing for bigger financial penalties for businesses in breach of the regulations – up to 4% of global turnover – it’s essential that schools are fully aware of where their data is stored.
At mso, our communications platform My School Portal's largest focus is about aggregating school data, our aim is to integrate with systems that comply with data protection laws and this does prevent us using some well-known applications from the US who have not yet managed to complete the privacy shield process. Over this past year we have successfully collaborated with a number of new systems’ providers to ensure that they meet all of our stringent criteria and protect the integrity of schools’ data.
If you’re interested in finding out more please get in touch!