Compliance is not enough
Whether you are a headteacher, an academy CEO or a school governor, the GDPR's "Accountability principle" holds you "responsible for ensuring and being able to demonstrate" that every process and activity involving Personal Information in your school or trust is compliant with each of the other six Privacy Principles.
Gaps in visibility and control
But that’s not easy. You will have a Record of Processing Activities ('ROPA') - as required by the GDPR - but is all that information in a spreadsheet?
Can you - and do you - use that information to work out what legal requirements apply and what security risks your pupils' and staff's personal information is exposed to, so you can be confident you have the right compliance and security measures in place?
APIMS does the heavy lifting
With expertise built in, it automates time-consuming and complex tasks:
- Creating records of your processing activities (ROPA)
- Establishing legal bases for each one
- Identifying risks and legal requirements
- Suggesting actions to address them
- Tracking actions to completion
- Providing real-time risk and control status reporting
- Generating audit-ready records to demonstrate compliance.
Saving you time
Creating all the records, reviews and reports necessary to comply with the GDPR eats into precious teaching time.
So, applying over 15 years' experience in Privacy and Data Protection, we have been able to develop a unique software programme that automatically generates a GDPR-compliant Record of Processing Activities (ROPA).
Simply answer a few questions about your school or academy, then check and edit your completed ROPA.
Being accountable under the UK GDPR means not only complying, but being able to demonstrate compliance - and that’s not possible without visibility and control of the Personal Information that’s being collected and processed right across your school or trust.
APIMS automatically assigns day-to-day responsibilities to the right people, creating clear lines of accountability with ownership of risks and remedial actions.
Automated risk & compliance tracking, reporting and, critically, automated record-keeping gives you the information and assurance you need to meet your legal obligations and provide assurance to auditors, regulators and stakeholders.