Home / GDPR (Data Protection)

GDPR (Data Protection)

.

Westcountry SEN processes a huge amount of data on a daily basis. We store and process information on our tutors, clients, students and administrative staff.  In this day and age, storing and processing can sound sinister, but all that means is we can move information from one place to another.

Information from emails is moved onto the client assessment form, moved on to Westcountry SEN’s system and linked to your tutor account with us so you can see the requested tuition details, write reports and view your calendar.

Reports and invoices are sent to clients at the end of the week and our accounts manager can check the lesson logs and use that data to calculate pay due to you.

We hold activity logs on the whiteboard so we can see when a student has logged on and see where any faults are.

Westcountry SEN moves data consistently on a daily basis. However, we are especially careful with all data. Even without the GDPR laws which we will go through, we ensure everyone’s privacy and treat their data with respect. We must never risk any clients, students, tutors, administrator or associate of Westcountry SEN having their data compromised.

Westcountry SEN will never share or compromise any data by passing this data on to a third party or putting their data at risk.

Due to Westcountry SEN processing data as it does, we are part of and regulated by the Information Commissioning office (ICO).

So, what is GDPR?

GDPR stands for General Data Protection Regulation, it came into force on the 25th of May 2018.

It replaced the Data Protection Act that was formed in 1998. We live in a digital world now, so the GDPR brought about updates regarding the consent, storage and processing of data. What made GDPR such a scary prospect for business were the huge fines if client data was not protected or if a business were lazy with their data protection measures.

Failure to comply with GDPR regulations can lead to a fine of up to 20 million Euros. Roughly 17 million in pound sterling.

Westcountry SEN is completely compliant with its data protection policies and privacy policies. The steps we have in place as an organisation mean we have nothing to worry about.

If you are working within the following guidelines, which are mainly common sense and not hard, you have nothing to worry about at all.

Westcountry SEN has provided all the tools and systems you need to protect your clients, students and your own data. You must work using these tools and systems. If you do not follow these guidelines, then Westcountry SEN cannot be held accountable for the data and the investigation will seek to pass fines onto the tutor, not the company which none of us want.

Personal Data

There are multiple types of data that can be used to identify a person.

  • Name
  • Phone number
  • Address
  • IP address
  • Email

Additionally, we are protecting client and student confidentialities. So, this is any information that another person could use to know something about another.

Cloud Storage

95% of Westcountry SEN’s data is cloud storage. Cloud storage is where the data is stored and managed digitally via the internet in a secure pocket. You need a password to get in, and without that password, no one can enter.

Your work email is a Westcountry SEN business email. It is part of a company Gmail account. All emails you send within the company are protected, encrypted and secure.

From within your Gmail account, you have access to the company Google documents, sheets, Google drive, slides and other useful software.   You can share these documents by just adding another person from the company to them, and you can edit these documents together in real time

 

The use of this Gmail account is significant as a password is required to gain access. This is effectively like a lock however, if you save your password on your computer, or you leave your phone/laptop open, you are effectively leaving the door open to your company information.

 

 

 

If you do need to save a password, you MUST have a lock on the device you are using.

  • Face ID
  • Fingerprint recognition
  • Pin code
  • Password

You must NEVER save any password to a computer that any member of the public, your family, spouse, significant other, family or friends could access your account.

Your Tutor dashboard

Your tutor dashboard is a cloud-based CRM system we use from Tutorcruncher. It is a modified version and is shared with Westcountry Tuition (that is also registered with the ICO)

Our system processes the most data within the organisation

  • Logging in activity
  • Lesson reports
  • Accounting information
  • Whiteboard data
  • Schedule
  • Names
  • Address
  • Phone numbers
  • Email addresses
  • IP addresses
  • Financial information
  • Photos
  • Documentation

This system is secure in that you need a username and a password that is unique to you in order to access it. Each Westcountry SEN employee has their own areas where they can go that is relevant to their job role.

Think of it as a huge building. If you are tutor, you have access to lesson reports and requested tuition details, that are associated with the students you work with. You can look at and view your own documents, but you cannot look at or view any other tutors’ document’s.  The accounts manager can see all accounting information relevant to all the clients but cannot see any of the session reports or which students each tutor is assigned to.

Your unique password is just the same as having keys to certain doors to access the rooms that are appropriate to you. You must protect these doors from anyone outside of the organisation, or anyone that is not associated with your student and the client.

As before:

If you do need to save a password, you MUST have a lock on the device you are using.

  • Face id
  • Fingerprint recognition
  • Pin code
  • Password

You must NEVER save any password to a computer where any members of the public, your family, spouse, significant other, family or friends can access your account.

As long as you are careful with your usernames and passwords and you keep all information in the cloud, you are GDPR compliant and working within the guidelines.

How tutors can slip up

Downloading onto their computer.

If you download something onto your computer, even innocently opening a file you are entitled to see, you leave a copy of it in your download files. This copy is now living in your computer / laptop / tablet / phone rather than in the cloud. You might think, well I have a password on my devices, so that’s ok. However, we will see why it will cause a problem later.

You must always go through your download history on your devices and delete any documents you have downloaded to view on your devise.

Saving onto work created files.

Any documents that contain personal data that are stored on your computer outside of this cloud are also in breach of Westcountry SEN’s GDPR policy.

It’s all to do with the right to be deleted. Let’s say a client (Mrs Smith) and the student (Mrs Smith’s child; Tommy) want to leave Westcountry SEN and no longer have any support. They have a right to request all their data to be deleted.

With one click of a button, this is possible with all our cloud-based documents. We can delete them out of the system and all their data will be deleted right across the cloud. We will be data complaint and respectful of the client’s wishes.

However, what happens if you have been illegally making your own notes at home? What happens if you have been downloading any documents that contain their data and not been wiping them from your computer? What happens if you have decided you do not want to use our digital calendar and instead have a paper diary and you have been writing names? Can we make sure all the client’s data is deleted and destroyed?  If you have been making your own notes and working outside of the cloud, the answer is no.

Therefore, you must understand it is a crucial part of your job to keep client data in the cloud. Within the Gmail documents, within Tutorcruncher and deleting your download history. Additionally, you ensure you protect access to the cloud at all times and that your devices all contain antivirus software to prevent data being stolen,

Never write client names, telephone number or any details in a paper diary you choose to use. DO NOT have your own personal files on students or anything associated with Westcountry SEN and keep all information within the cloud.

In summary

  • Do not save passwords unless you have to
  • Keep Passwords secure
  • Any device you use must have security features such as passwords, face ID fingerprint ID
  • Log out after every session on every Westcountry SEN cloud-based software.
  • Do not save any passwords on any shared computer
  • Do not download unnecessary documents. If you do need to download them, do not save them and delete your download history.
  • Make it easy for all client’s data to be deleted
  • Do not write any Westcountry SEN passwords on paper.

What do I do if I have leaked client’s data by accident?

Like all things, being upfront about it and reporting it straight away will protect any serious trouble occurring. Just say your laptop gets stolen, or your handbag is stolen, and you have not been careful with client’s data. You must report it straight away to the Director of Westcountry SEN [email protected]  and the Director will let the ICO know. Together the Director and the ICO can work to minimise any misuse of the data and we can adapt our systems to remove as much client data from being accessed as possible.

However,  attempting to cover it up or not being honest  will result in disciplinary action and huge fines can occur.