and the GDPR
In May 2018 the Data Protection Act will be replaced by the GDPR (General Data Protection Regulation).
RM acts as the data controller for its employee data and acts as a data processor for many of its customers. It has a range of measures in place to achieve compliance with current legislation and is reviewing these in order to ensure compliance with the GDPR before it becomes law. The ICO (Information Commissioner's Office) has issued guidance documents on GDPR transition, including “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now.” RM is using this guidance to review its legal and contractual obligations, and where necessary, make the appropriate amendments to policy or practice.
RM has established a GDPR Working Group, with membership drawn from across the RM Group, to oversee the transition work. This group reports to the Group Security & Business Continuity Committee, which acts on behalf of the Executive on all matters relating to security and data protection governance. Find out more here
Does RM SafetyNet process data
in compliance with GDPR?
RM SafetyNet’s approach to data protection management is designed to be compliant with data protection legislation, including both the Data Protection Act and GDPR when it comes into force in May 2018.
How can RM SafetyNet help
with my GDPR compliance?
What data is stored in RM SafetyNet?
To comply with the school’s safeguarding obligations, RM SafetyNet has the ability to apply tailored filter lists to year groups, classes or individuals within your school. This also comes with a reporting ability to review internet browsing logs of your users to enable you to comply with the requirements under the Keeping Children Safe in Education statutory guidance for schools and colleges. This data will include:
- Name of user
- IP address
- Internet browsing and search history
RM ensure that this data is kept securely in transit and at rest using industry recognised standards.
Only administrators can view the data and we recommend that Multi-factor authentication is turned on for RM SafetyNet within the RM Unify administrator settings to add an additional layer of security to this data. Read our Tech Article.
We also recommend that the National Cyber Security Centre guidelines are followed to implement strong passwords for RM SafetyNet administration console: NCSC password guidance
If your RM SafetyNet establishment is part of a larger hierarchy such as Multi Academy Trust, Regional Broadband Consortia or Local Authority then the administrators at those establishments also have access to the school’s data, if you wish to know the details of this then please speak to those relevant organisations.
RM Support employees may have access to your data when required to support the school with a technical issue, this includes RM employees in RM ESI, our offices in India and this is set out in our terms and conditions. In these circumstances your data will leave the EEU but will be protected by RM’s strict security and data protection procedures following ISO 27001 best practice and as set out in our contract model clause.
Administrators can produce browsing reports for the last 5 days from the admin console, if further reports are required a support call would need to be logged with our service desk.
As an Internet Service Provider we have a legal obligation to retain the internet browsing records for 12 months.