From 25th May 2018, the EU’s General Data Protection Regulation replaces the UK’s Data Protection Act.
Schools, and other users of CASPA, must ensure that they are GDPR compliant; SGA Systems Ltd and RSE Insight Ltd must do the same.
Please click here for a guide to normal operation of CASPA with respect to the GDPR
Please click here for a guide to management of certain support incidents with respect to GDPR
- CASPA exists only on your IT ecosystem to which neither RSE Insight Ltd nor SGA Systems Ltd has access
- Annual data returns do not include Personal Data or Sensitive Personal Data and are therefore outside of the scope of the GDPR
- If you have to send files to us to resolve a rare support incident, these files could include Personal Data or Sensitive Personal Data (depending on which files are required to resolve the incident) and are therefore subject to the GDPR
- SGA Systems Ltd will never receive Personal Data or Sensitive Personal Data as all support activities are fulfilled by RSE Insight Ltd
- RSE Insight Ltd may need to process files containing Personal Data or Sensitive Personal Data if the support incident requires it and as a result, a data processing contract will be required between the CASPA user’s organisation and RSE Insight Ltd