Leading the way in GDPR compliance
We understand the importance of protecting the data of your parents, students and staff. That’s why the ParentMail team have been working hard to lead the way in GDPR compliance!
Over the past few months, we have implemented a number of system updates and enhanced our services where necessary so that your school can be confident in our compliance with the new regulations.
Although your school were already legally obliged to keep data safe and secure (whether that’s staff and student information, paper files or an electronic database) the GDPR mean your school now has even greater responsibility for protecting data.
The enhancements and updates we have put in place supports you in this task, protecting your organisational reputation and helping you to comply with the new regulations. Schools and businesses who are not GDPR compliant could see fines of up to 4% of their turnover or €20 million imposed from the Information Commissioners Office, not to mention the impact on Ofsted ratings.
So, what have we been doing?
- We will now automatically remove inactive user accounts – ParentMail will delete any inactive user accounts after a period of 30 days (an inactive user account is classed as a parent record which has zero connections).
- Parents can unsubscribe from ParentMail – Parents will have control over their account, with the option to delete their account and unsubscribe from ParentMail communications if they wish.
- Schools can fulfil Subject Access Requests (SAR) – Schools can fulfil parent requests to provide any data the school holds about them, including personal data, user activity and received information.
- Schools can now view a parent’s feed – School administrators can view a list of items appearing in a parent’s ParentMail account but will be unable to view any personal data, allowing administrators to investigate parent queries.
- We now provide remote support sessions – ParentMail Support agents can provide a unique one-time code which must be entered by a school admin user within their account to grant temporary read-onlyaccess to the account for investigation and support purposes. This session will last for 30 days by default, however, both school users and ParentMail staff can end the session early should access no longer be required.
- Safer email attachments – Attachments are must now be downloaded via a link embedded in an email, rather than as an email attachment. This reduces risks concerning incorrect attachments; previously, if an email included the incorrect attachment, parents could still open the item even after it had been removed, whereas this new process means an attachment cannot be accessed if it has been deleted.
- Earlier this year we moved to Rackspace Private Cloud for increased security and protection of our customers data.
- Introduction of new terms and conditions in the form of a software licence including an updated GDPR clause and End User Licence Agreement for parents.
- Renewal of our Cyber Essentials accreditation to demonstrate our implementation of the most important cyber security measures.