While the data retention requirements under the GDPR are not much different from data protection law, we need to address this issue and make concerted efforts to make improvements in 2018. This function (as for the deletion mentioned below) is very complicated and requires a lot of analysis and development, since there are many things that we need to take into account. Our plan is to work on this during the summer construction phase of the software (which will start towards the end of January 2018), but due to its complexity, it is likely that the feature will not be ready until the fall of 2018. Although data retention work focuses on removing data pockets, i.e. benefits, from a selection of students, for example: Those who left school 10 years ago, this deletion for a date range is the deletion (or, if applicable, anonymization) of an entire set of personal data, what the GDPR calls „the right to be forgotten”. When entering into an agreement with a cloud service provider, each school/data controller must be satisfied that the relevant service provider carries out its processing in accordance with its requirements (ensuring compliance with the Data Protection Act 1998 (DPA) by the data controller and, by default, by the data provider). This document is intended to explain what is necessary and what the services of Capita Childrens will do with regard to the processing of your data as data processors. The document contains a copy of Capita`s ISO 27001 certificate, which confirms that the processes and procedures carried out by Capita with regard to your data processing are audited and at least meet recognized national standards. As data retention is not an easy task, we need to think about how SIMS handles connected datasets, we need to make legal reports beforehand, etc., the analysis of this work will need to be subject to due diligence and we hope to be able to provide this functionality in the fall of 2018. This may mean that a school must now obtain a school`s consent to use its data for emails or text messages.
However, the OIC`s instruction is that consent should be the last legal option for data processing. Many schools will have other ways to process a person`s data, which will mainly be a legal basis for legal statements, for example, or in a data protection declaration.. . .