GDPR, MultiMe and You: what you need to know
Data protection laws have changed.
On May 25th, the Europe-wide data protection regulation, known as the ‘GDPR’ (The General Data Protection Regulation), came into effect.
The new law:
- Enhances the regarding their personal data.
- Places more on those who process it.
- Covers , as well as digital, records.
At MultiMe our aim has always been to give our users control over and access to their information. We are therefore very much are in favour of the new law that builds transparency in the organisations that process user data and gives people more rights and control over their personal information and how it is used.
MultiMe is GDPR Compliant
We have always taken the privacy and security of data very seriously, we have never been, nor ever will be in the business of using or selling our user's personal data. Therefore we have not had to change much about how we work. We have however made a number of changes to improve our practice, please go to the section to see what these are.
The new law does require data processing contracts to contain particular words. So, if you have not done so already, please take a look at our new . This goes into detail about how we work and how we keep data secure and private. It should answer many of the questions you might have.
Our customers have duties under the GDPR
The customers who pay for us (schools, colleges, care and health providers, local authorities and other organisations) are data controllers for the data they add to MultiMe. We are their data processors.
The good news is that this means that, even if we wanted to, we can't do anything with the data on MultiMe without an instruction from our customer. The data is private.
But it does mean that some duties fall upon our customers, and some fall upon us. We need to work together to be GDPR compliant overall.
If you run a school or a provision that handles people's personal data and haven't already, we strongly urge you to learn about your responsibilities as data controller. A good starting point is the Information Commissioner’s Office.
The information you need from us will be in our '' and ' '.
If you are someone whose data is stored in MultiMe and just want a few key facts. They are:
- Our customers (schools, adult providers, local authorities and individuals etc) choose what data to store, who to store it about, what is done with it, and when it is deleted. We do not.
- We ONLY access the data stored by our customers in order to carry out our customer’s instructions, to maintain or improve the service or to fix faults. That means that, even if we wanted to, we cannot use our customer’s data for marketing.
- It also means we don't share data, unless a customer instructs us to (e.g., to transfer a child's data to a new school). We do use sub-contractors to process some of the data (you can see a list in ) but we are responsible for their actions and have placed restrictions on what they can do.
If you are someone whose data is stored on MultiMe and have a question that relates specifically to that data, please contact the person or organisation who added the data (the school, provider, carer etc). If they need help in answering your question, they can forward it on to us. We have to do it this way because we, as a data processor, have to make sure that any instructions we get are authorised by our customers.
For any other questions you can reach us at:
68 Bisley Road