GDPR - What this means for SCO v2.4
Is 25th May 2018 a highlighted date in your diary? It is in ours, not just because it's the last Friday in May and for many the first day of the half term break, but because it's the date that the General Data Protection Regulation (GDPR) comes in to force.

The GDPR replaces the Data Protection Act 1998, and whilst most people have now heard of GDPR, not everyone is aware of what it will mean in practice. All companies who process data on EU citizens must comply with the new requirements, and there are hefty fines for those in breach so it's important that it's taken seriously.

Here we bring you a quick guide to the main changes and what it will mean for Schools Cash Office v2.4.

Right to erasure - "Right to be forgotten":
Individuals can now request that their data is completely removed from your systems, although there are permitted exceptions to this such as where data needs to be retained to satisfy legal requirements. For SCO this means that data required for financial audit can legitimately be retained for 7 years (covering 6 full financial years of records), so data that falls outside this, beyond the boundaries of what is required for audit or other legal or legitimate purposes will be subject to SCO's data retention processes.

We have also added a new feature to scopay.com to allow online account holders to trigger the deletion of their own account.

Subject Access Requests:
Individuals have a right to obtain confirmation as to whether their data is being processed along with a right of access to their personal data by making a Subject Access Request (SAR). SARs need to be responded to within 1 month of the request being made.

The Subject Access Request menu option within SCO v2.4 assists users in responding to these requests by collating data from across the separate SCO modules and presenting it back in csv format.

Right to rectification:
Individuals have a right to request that personal data is rectified without undue delay if the data is incomplete or inaccurate. Any data held needs to be amended quickly.

A right to Data Portability.
Individuals have the right to receive a copy of any data that they have originally provided in a "commonly used and machine-readable format" in order to allow transfer over to a third party if required.

SCO v2.4 allows all data forming part of the Subject Access Request response to be exported to .csv format through Excel.

Other areas

Schools must prove their compliance with the General Data Protection Regulation by employing suitable policies and procedures. This may also include updating privacy notices, appointing a Data Protection Officer and documenting a privacy impact assessment.

Our own privacy notices have also been updated in line with GDPR.

If you are a Tucasi customer and would like to discuss any GDPR implications on your Schools Cash Office system, please submit an online query and we will get in touch.
Related Articles