How can the Cloud help with GDPR?
By moving emails, documents and applications into a Cloud service in the UK or EU you can simplify the compliance process for GDPR.
The Councils remains the data controller and your Cloud provider assumes some of the responsibilities of data processor on behalf of the Council.
Primarily the Cloud provider becomes responsible for data security and data backups. This enables the Council
to implement a clean computer policy of not storing anything on laptops, desktops and tablets. Everything is stored in the Cloud and all applications are operated from Cloud based providers such as Office 365, Sage One Payroll, AdvantEDGE and Epitaph.
What is required from a Cloud provider?
For GDPR compliance, the following are required from all Cloud providers:
- Service Level Agreement
- Data centre in UK, EU or in 1 of 12 countries currently approved by an “EU adequacy decision”
Microsoft is leading the way in terms of GDPR compliance now that they have opened data centres in the UK albeit as a result of Brexit!
For GDPR compliance it is strongly recommended that UK or EU data centres are specified in the contract.
Data centres in the USA are intrinsically problematic because the US National Security Agency operates a mass surveillance policy. Currently many USA Cloud service providers are compliant because they are covered by a 12 month, rolling agreement called the EU-U.S. Privacy Shield. However, the previous agreement called Safe Harbour failed for 5 months from October 2015 to February 2016 and then it was replaced by the Privacy Shield.
It is probable that there will be future problems with the EU-U.S. Privacy Shield, and an agreement is necessary if a Council wants to use a USA based Cloud service and be GDPR compliant.
Is your Cloud provider GDPR compliant?
- EDGE – yes & UK data centre
- Google & Amazon Web Services – compliant but not yet as good as Microsoft
- Drop Box Pro – only compliant if Pro version & specify UK data centre
- Mail Chimp – compliant but USA data centre
- MicroShade – UK data centre
- Sage – yes & EU data centre
What does a Cloud based Council need?
Office 365 – Business Premium edition starts at £9.40* per month, per user.
It ensures that officers always have the latest version of Office installed on their devices, and they can also use the web based version of Office. Documents and files are accessible from any device by simply logging on to the Office 365 web portal. All emails are stored and archived in the Cloud, and emails are accessible via a web portal and typically via Outlook on any laptop, computer, tablet or mobile.
Office 365 Tips – Get professional IT support to setup your Team Site in Office 365 with the correct folder structure and security, and avoid using One Drive as this creates a local copy of your files which then needs to be protected!
“Office 365 is a great tool for email, and sharing information between staff. It is easy to use and accessible from all locations either office or home based and on a variety of hardware.
Great if you remember at 4.00 a.m. that you forgot to add something to an agenda or when weather or illness prevents you getting to the Office.”
Pam Dobson, Town Clerk
Whitby Town Council
Sage One Payroll – is ideal for most Councils with four bands supporting up to 5, 10, 15 or 25 employees. Prices start from £6* per month for 5 employees.
AdvantEDGE – EDGE have 25 years’ experience providing software designed for Local Councils and 12 years’ experience of providing the following software through the Cloud:
- Asset Management
- Agendas & Minutes
- Cemeteries (Epitaph)
- Customer Service (Clarity)
- Facilities for bookings
- Finance (from £10* per month)
In 2018 EDGE are developing a range of portals and apps for its AdvantEDGE range which builds on its Epitaph portals and Timesheet app.
If you need assistance with GDPR, or are interested in our software, IT support or have any IT requirements, please do not hesitate to contact us at EDGE.