myEVOLVE GDPR Compliance Statement – February 2018

We take your privacy very seriously and work to the highest standards to keep your data safe. We welcome the introduction of the General Data Protection Regulation (GDPR), which comes into force on the 25th May 2018, as it provides everyone with an opportunity to reflect upon the measures in place to protect data.

eduFOCUS Limited, the providers of the EVOLVE system, is committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded in all processes and policies throughout our organisation.

eduFOCUS Limited is already registered with the Information Commissioner’s Office (ICO) both as a Data Processor for our customers’ data (the EVOLVE system) and as a Data Controller for our own company’s data. To ensure GDPR compliance we are undertaking a comprehensive review of our systems including:

  • Conducting a GDPR gap analysis of our procedures, policies and records
  • Reviewing how GDPR impacts on EVOLVE
  • Implementing a GDPR Compliance Framework
  • Assessing the potential impact of GDPR on our customers
  • Obtaining confirmation from our suppliers regarding their commitment to GDPR
  • Reviewing customer contracts
  • Implementing enhanced data protection security measures on our network infrastructure
  • Training our team members in GDPR considerations

eduFOCUS has always taken the security of data very seriously and our UK-based data centre holds a range of accreditations, including the latest ISO 27001:2013, ISO 27018:2014, G-Cloud 9, and the UK Government’s ‘Cyber Essentials’ Accreditation. Additionally, eduFOCUS’ network infrastructure benefits from dedicated firewalls and we are already implementing a range of additional security measures including:

  • Inclusion in the DDoSX programme to provide advanced protection against DDoS attacks
  • Installation of advanced Web Application Firewalls to automatically inspect every web request for cross-site scripting, SQL injection, path traversal and hundreds of other types of attacks
  • Proactive threat monitoring on each server to detect host-based intrusion attempts, provide file integrity monitoring and vulnerability scans
  • Dedicated team of security specialists to respond to and mitigate threats

EVOLVE Top Tips for ensuring GDPR compliance

  • Change your password regularly and keep it safe
  • Never reveal or share your password with anyone. We will never ask you for your password when supporting you.
  • Always keep your email address up to date in your profile for notifications.