As a supplier of services to educational establishments, we are aware of our obligations within the terms of the new GDPR regulations coming into effect in May 2018. Schools are the legal owners of their data – the ‘data controller’ – as a supplier of services that hosts this personal data on behalf of the data controller, we are the ‘data processor’.
Scomis treat the handling of this data seriously and in 2016 obtained certification to the ISO 27001 information security standard, which ensures robust third party auditing of our procedures and processes. We are working with Devon County Council’s Information Governance team to ensure that we fulfill our obligations as a data processor. Scomis will be providing further updates and general guidance via our usual channels.