From 25th May 2018, the EU’s General Data Protection Regulation replaces the UK’s Data Protection Act.
Schools, and other users of CASPA, must ensure that they are GDPR compliant; SGA Systems Ltd and RSE Insight Ltd must do the same.
Please click here for a guide to normal operation of CASPA with respect to the GDPR
Please click here for a guide to management of certain support incidents with respect to GDPR
- CASPA exists only on your IT ecosystem to which neither RSE Insight Ltd nor SGA Systems Ltd has access
- Annual data returns do not include Personal Data or Sensitive Personal Data and are therefore outside of the scope of the GDPR
- If you have to send files to us to resolve a rare support incident, these files could include Personal Data or Sensitive Personal Data (depending on which files are required to resolve the incident) and are therefore subject to the GDPR
- SGA Systems Ltd will never receive Personal Data or Sensitive Personal Data as all support activities are fulfilled by RSE Insight Ltd
- RSE Insight Ltd may need to process files containing Personal Data or Sensitive Personal Data if the support incident requires it and as a result, a data processing agreement will be required between the CASPA user’s organisation and RSE Insight Ltd
Data processing agreement
Further to the guide to management of certain support incidents with respect to GDPR linked above (Processing of personal data to provide technical support for CASPA under the GDPR), if a CASPA user needs to send files to RSE Insight to investigate and/or resolve an issue, a data processing agreement may be a pre-requisite to sending the necessary files. Since not all files sent contain Personal Data or Sensitive Personal Data, RSE Insight will advise whether the files required fall into this category.
Since we carry out no data processing until relevant files are needed to resolve a support incident, it is not necessary to have a data processing agreement every organisation using CASPA. The vast majority of organisations using CASPA never need to send these types of files to us.
However, should an issue be discovered by a CASPA user that requires files to be sent to RSE Insight and those files contain Personal Data or Sensitive Personal Data, there would be a delay whilst the data processing agreement is agreed and signed as RSE Insight must not accept relevant files without this agreement, and the sending organisation must not send them. As a result, the addendum can be signed and returned to RSE Insight in advance if you wish.
Please click here for our Data Processing Addendum, either to view or to download, sign and return.
Privacy notices relating to CASPA are published below:
RSE Insight Ltd – Click here
SGA Systems Ltd – Click here