GDPR Key Facts
With the Data Protection Act (DPA) being superseded by the General Data Protection Regulation (GDPR) on 25th May 2018, it is important for schools to ensure that their systems satisfy the requirements of GDPR.
When GDPR comes into force, the legal basis under which Gemma Books Ltd will hold and process personal data for users of the Gemma Books web system is that of legitimate interest.
The DfE has issued guidance to schools on GDPR, which recommends that schools ask their system suppliers six key questions about their systems, so we have answered these questions as follows:
Scope
Which personal and special category data are contained within the system?
Gemma Books holds the following personal data:

School Data
  • Basic school details such as school name, address, telephone numbers, contact persons, job titles, optional username and passwords for use with the Gemma Books web system

Sharing
Does any personal data flow from the system onto anywhere else?
We do not share user contact details with any third party unless we are obligated to do so by the school or as a legal requirement.
Retention
What is the system’s data retention policy?
  • If the school no longer wishes to use our web system and would like all system data relating to them to be promptly removed, this will be done on request.
User Details
  • Details of Gemma Books web system users and their system usage are retained for up to 5 years for audit purposes, after which they are destroyed.
Access
How would you get the information for a subject access request out of the system?
Subject access requests can be sent in writing to dpo@gemmabooks.com
Security
How does the system ensure the security of the personal data held?
  • The entire Gemma Books web system is stored in a secure dedicated hosting environment, which is located in a secure UK-based facility (Fasthosts, ISO 27001)

  • The entire Gemma Books web system operates under SSL (Secure Sockets Layer), and strong AES encryption techniques are used for dormant data, such as data backups.

  • Server access controls are only used by members of the senior development team

  • Security tests are continually carried out by our senior development team and benchmarked against external bodies such as Qualys SSL Labs.

  • Numerous safeguards are in place to assist schools with their access of the system, e.g. unique usernames, strong hashed passwords, limited number of login attempts per user, different levels of access control, ability to disable logins irrespective of the validity of the entered details, etc.

  • All relevant staff have completed non-disclosure forms.
Own Readiness
Is this system supplier confident that they will be GDPR compliant by May 2018?
Yes – to the best of our knowledge we believe that we are fully compliant with our GDPR requirements.

© 2018 Gemma Books Ltd, Foxwood Close, Foxwood Industrial Estate, Chesterfield, S41 9RB, England - Company Reg: 05106010