Guidelines for Schools

regarding Data Protection Regulation and Structured Network Solutions

Structured Network Solutions UK Ltd is required to comply with the new General Data Protection Regulation. (For the purposes of this document Structured Network Solutions will be referred to as the company.)

Chris Watkins is the appointed Data Protection Officer, to whom you should address any queries relating to the school’s data or the General Data Protection Regulation.

Data backup

The company provides an offsite backup service to schools. The company does not process this data. When data needs to be retrieved following a request from the school, it will only be downloaded to the server that backed it up. In exceptional circumstances where this is not possible, written consent will be sought from the school before any processing is carried out. An example of such an exceptional circumstance is a disaster recovery process following server damage caused by fire or flood.

CloudBerry is the backup client used by the company. It is HIPAA compliant, with all data encrypted at source (the server to be backed up) and only decrypted on final receipt of the data by the original server it was sent from. The transfer occurs between the school’s server (via the CloudBerry client) and Amazon S3 only. AWS is HIPAA compliant. All data is held within Europe.

School Data

No electronic data is removed from any school or uploaded from any school machine unless it is necessary as part of the IT services supplied to the school and for which prior consent has been obtained.

All company staff are aware that they should ensure that no data is accidentally removed on memory pens, USB hard drives or any other portable data storage devices. If the company has been asked by the school to arrange for redundant equipment to be removed for disposal, written instruction will be required. The company only uses HMG Approved data erasure disposal specialists. If the school requires a different solution, such as physical destruction of hard drives or data storage devices, it should include this requirement in its written authorisation to remove equipment.

Remote working

Any remote connection session to the school’s IT systems should only be carried out from machines located within the company’s offices, using approved encrypted remote clients, except in exceptional circumstances, where prior approval will be obtained from the school.

In the rare event of data needing to be downloaded or transferred to a third party, written consent will be obtained from the school. These events might include disaster recovery or corrupt databases that need to be sent to the software vendor of said database for repair.

In these circumstances any such data transfer is recorded by the company and deleted immediately upon completion of the work.
