GDPR, MultiMe and You: what you need to know

Data protection laws have changed.

On May 25th, the Europe-wide data protection regulation, known as the ‘GDPR’ (The General Data Protection Regulation), came into effect.

The new law:

  1. Enhances the rights of people in the EU regarding their personal data.
  2. Places more stringent rules on those who process it.
  3. Covers paper based , as well as digital, records.

At MultiMe our aim has always been to give our users control over and access to their information. We are therefore very much are in favour of the new law that builds transparency in the organisations that process user data and gives people more rights and control over their personal information and how it is used. 

MultiMe is GDPR Compliant

We have always taken the privacy and security of data very seriously, we have never been, nor ever will be in the business of using or selling our user's personal data. Therefore we have not had to change much about how we work. We have however made a number of changes to improve our practice, please go to the Changes we have made  section to see what these are.

The new law does require data processing contracts to contain particular words. So, if you have not done so already, please take a look at our new Privacy Policy . This goes into detail about how we work and how we keep data secure and private. It should answer many of the questions you might have.


Our customers have duties under the GDPR

The customers who pay for us (schools, colleges, care and health providers, local authorities and other organisations) are data controllers for the data they add to MultiMe. We are their data processors.

The good news is that this means that, even if we wanted to, we can't do anything with the data on MultiMe without an instruction from our customer. The data is private.

But it does mean that some duties fall upon our customers, and some fall upon us. We need to work together to be GDPR compliant overall.

If you run a school or a provision that handles people's personal data and haven't already, we strongly urge you to learn about your responsibilities as data controller. A good starting point is the Information Commissioner’s Office


MultiMe’s Privacy Policy

One of our customer's duties is to write a privacy policy. This is because only they know what they are storing, why they are storing it, and how long they are storing it for. We have to provide them with the information they need about our systems in order to write that policy.

If you are one of our customers, the Information Commissioner's Office explains what needs to be included. A privacy policy might need to cover all the data stored on relatives and children in all the systems you use, not just MultiMe. That includes written records, billing systems, management systems, communication systems and other progress tracking systems.

The information you need from us will be in our 'Privacy Policy ' and 'Terms & Conditions '.

If you are someone whose data is stored in MultiMe and just want a few key facts. They are:

  • Our customers (schools, adult providers, local authorities and individuals etc) choose what data to store, who to store it about, what is done with it, and when it is deleted. We do not.
  • We ONLY access the data stored by our customers in order to carry out our customer’s instructions, to maintain or improve the service or to fix faults. That means that, even if we wanted to, we cannot use our customer’s data for marketing.
  • It also means we don't share data, unless a customer instructs us to (e.g., to transfer a child's data to a new school). We do use sub-contractors to process some of the data (you can see a list in Third Party Providers ) but we are responsible for their actions and have placed restrictions on what they can do.

Useful Links

Contacting us

If you are someone whose data is stored on MultiMe and have a question that relates specifically to that data, please contact the person or organisation who added the data (the school, provider, carer etc). If they need help in answering your question, they can forward it on to us. We have to do it this way because we, as a data processor, have to make sure that any instructions we get are authorised by our customers.

For any other questions you can reach us at:


68 Bisley Road