About GDPR and multi me

Data protection laws have changed. GDPR, multi me and you: what you need to know

On May 25th, the Europe-wide data protection regulation, known as the ‘GDPR’ (The General Data Protection Regulation), came into effect.

The new law:

1. Enhances the rights of people in the EU regarding their personal data.

2. Places more stringent rules on those who process it.

3. Covers paper based , as well as digital, records.

At MULTI-ME Ltd. our aim has always been to give our users control over and access to their information. We are therefore very much are in favour of the new law that builds transparency in the organisations that process user data and gives people more rights and control over their personal information and how it is used. 

multi me is GDPR Compliant

We have always taken the privacy and security of data very seriously, we have never been, nor ever will be in the business of using or selling our user's personal data. Therefore we have not had to change much about how we work. We have however made a number of changes to improve our practice, please go to the Changes we have made  section to see what these are.

The new law does require data processing contracts to contain particular words. So, if you have not done so already, please take a look at our new Privacy Policy . This goes into detail about how we work and how we keep data secure and private. It should answer many of the questions you might have.

Our customers also have duties under the GDPR

The customers who pay for us (schools, colleges, care and health providers, local authorities and other organisations) have joint responsibility as data controllers for the data they add to multi me. multi me and the third-party services we use to process your data, such as Amazon Web Services, are the data processors.

The good news is that this means that, even if we wanted to, we can't do anything with the data on multi me without an instruction from our customer. The data is private.

But it does mean that some duties fall upon our customers, and some fall upon us. We need to work together to be GDPR compliant overall.

If you run a school or a provision that handles people's personal data and haven't already, we strongly urge you to learn about your responsibilities as data controller. A good starting point is the Information Commissioner’s Office. 

One of our customer's duties is to write a privacy policy. This is because only they know what they are storing, why they are storing it, and how long they are storing it for. We have to provide them with the information they need about our systems in order to write that policy.

If you are one of our customers, the Information Commissioner's Office explains what needs to be included. A privacy policy might need to cover all the data stored on relatives and children in all the systems you use, not just multi me. That includes written records, billing systems, management systems, communication systems and other progress tracking systems.

The information you need from us will be in our 'Privacy Policy ' and 'Terms & Conditions '.

If you are someone whose data is stored in multi me and just want a few key facts. They are:

• Our customers (schools, adult providers, local authorities and individuals etc) choose what data to store, who to store it about, what is done with it, and when it is deleted. We do not.

• We ONLY access the data stored by our customers in order to carry out our customer’s instructions, to maintain or improve the service or to fix faults. That means that, even if we wanted to, we cannot use our customer’s data for marketing.

• It also means we don't share data, unless a customer instructs us to (e.g., to transfer a child's data to a new school). We do use sub-contractors to process some of the data (you can see a list in Third Party Providers ) but we are responsible for their actions and have placed restrictions on what they can do.

Useful Links

• View A guide to GDPR and using the multi me platform

• Download Our Pupil Consent Form for Schools and Colleges

• View Our Safeguarding & Security information

• Go to ICO Your rights under the GDPR

• Got to ICO The UK Information Commissioner's Office (ICO)

Contacting us

If you are someone whose data is stored on multi me and have a question that relates specifically to that data, please contact the person or organisation who added the data (the school, provider, carer etc). If they need help in answering your question, they can forward it on to us. We have to do it this way because we, as a data processor, have to make sure that any instructions we get are authorised by our customers.

For any other questions you can reach us at:

MULTI-ME Ltd 

68 Bisley Road

Stroud

Gloucestershire

GL5 1HG

privacy@multime.com