and the GDPR
In May 2018 the Data Protection Act was replaced by the GDPR (General Data Protection Regulation).
RM acts as the data controller for its employee data and acts as a data processor for many of its customers. It has a range of measures in place to achieve compliance with current legislation and is reviewing these in order to ensure compliance with the GDPR before it becomes law. The ICO (Information Commissioner's Office) has issued guidance documents on GDPR transition, including “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now.” RM is using this guidance to review its legal and contractual obligations, and where necessary, make the appropriate amendments to policy or practice.
Find out more here
Does RM SafetyNet process data
in compliance with GDPR?
RM SafetyNet’s approach to data protection management is designed to be compliant with data protection legislation, including the Data Protection Act 2018.
How can RM SafetyNet help
with my GDPR compliance?
What data is stored in RM SafetyNet?
To comply with the school’s safeguarding obligations, RM SafetyNet has the ability to apply tailored filter lists to year groups, classes or individuals within your school. This also comes with a reporting ability to review internet browsing logs of your users to enable you to comply with the requirements under the Keeping Children Safe in Education statutory guidance for schools and colleges. This data will include:
- Name of user
- Year group
- IP address
- Internet browsing and search history
Where you also have your internet connectivity provide by RM, we are required to keep this data for 12 months to comply with the Regulation of Investigatory Powers Act 2000. There is more information here
RM ensure that this data is kept securely in transit and at rest using industry recognised standards.
Only RM SafetyNet administrators can view the data and we recommend that Multi-factor authentication is turned on for RM SafetyNet within the RM Unify administrator settings to add an additional layer of security to this data. Read our Tech Article.
We also recommend that the National Cyber Security Centre guidelines are followed to implement strong passwords for RM SafetyNet administration console: NCSC password guidance
If your RM SafetyNet establishment is part of a larger hierarchy such as Multi Academy Trust, Regional Broadband Consortia or Local Authority then the administrators at those establishments also have access to the school’s data, if you wish to know the details of this then please speak to those relevant organisations.
RM Support and development employees may have access to your data when required to support the school with a technical issue, this includes RM employees in RM ESI, our offices in India and this is set out in our terms and conditions. In these circumstances your data will leave the EEU but will be protected by RM’s strict security and data protection procedures following ISO 27001 best practice and as set out in our contract model clause.
We use a “least privilege” approach to ensure that customer data is only accessed when absolutely required and with the customer’s knowledge. All access is logged and can be audited if required.
Administrators can produce browsing reports for any five-day period within the last 12 months from the admin console, if further reports are required a support call would need to be logged with our service desk.