We take your privacy very seriously and work to the highest standards to keep your data safe. We welcome the introduction of the General Data Protection Regulation (GDPR), which came into force on the 25th May 2018, as it provided everyone with an opportunity to reflect upon the measures in place to protect data.
eduFOCUS Limited, the providers of the EVOLVE system, is committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded in all processes and policies throughout our organisation.
We've outlined the policy, system, and operational changes that have been implemented in EVOLVE and eduFOCUS Ltd to comply with the GDPR.
Under the GDPR, organisations are recognised as Data Controllers, Data Processors, or both. The requirements differ depending on your role in the data collection and handling process. EduFOCUS Ltd is both a data controller (of data about our customers) and a data processor (of our customers' data) .
- How and why any personal information is to be processed.
- Which information is collected, stored and processed
- Who can access the system and therefore which users are permitted to view what information (by setting their account type)
- To turn on the Visit Register and/or the Accompanying Staff modules
- To add custom questions to gather additional information
- To require/request files to be attached to visit forms
As such, the Licensee is responsible for ensuring
that appropriate data is stored and processed and that access to such data is
- Are registered with the Information Commissioner's Office as Data Processor
- Utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner's Office)
- Implement additional security measures including advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging etc.
- Provide Data Controllers with a range of integrated tools to support you in meeting your obligations as Data Controller
- Continue to support Data Controllers with their obligations.
We've completed a comprehensive audit of the data that we process and store. We've also reviewed our data breach incident response procedure.
All eduFOCUS Ltd staff have undertaken GDPR training on data management and security. All eduFOCUS Ltd staff are aware of the incident response procedures. We continue to conduct comprehensive ongoing security risk assessments. Security has always been a top priority for eduFOCUS Ltd, and this additional training and security measures builds on the robust protocols that already exist to prevent and respond to data breaches and vulnerabilities.
We've completed a comprehensive data audit to ensure we only collect data critical to business needs and will review our retained data regularly.
We have introduce new features to allow authorised users to hard delete data so that Data Controllers can comply with their obligations to destroy data where there is no longer a justifiable reason to retain the data.
We have introduced a new EVOLVE Data Security Dashboard which allows System Administrators to configure and implement additional security features including Two-Factor Authentication, Email Single Sign-On (ESSO), Password Expiry Periods, Password Reuse Rules, Password Fail Rules, Session Time-out Periods and a list of all users that have System Administrator permissions.
We have invested in additional data centre security features to help ensure protection of data, including DDoS security feature, Web Application Firewalls (WAFs), Proactive Threat Monitoring and Threat Response. Further information is available in 'EVOLVE Technical & Security Measures' in Resources.
If you have any questions, please let us know. We're here to help.