Flowz Newsletter – September 2018
Article 30 (Records of Processing)
What the law states…
Organisations over 250 staff have to document all processing. Exemptions do apply to Small or Medium sized organisation with less than 250 staff, however, if they process the following they need to comply and document down within record of processing:
- Processing activities which are not occasional or
- Could result in high risk to the rights and freedoms of data subjects or
- Involve processing of special categories of data or criminal convictions and offence data
An article in the National Law Review says, working party confirms that employers of all sizes must maintain Article 30 Records of Processing for Human Resource data.
G-Cloud 10 Success
Flowz has successfully been listed on G-Cloud 10, making its SaaS-based Product and services available to NHS Trusts via the latest iteration of government’s procurement framework.
Mark Jones, Managing Director, Flowz said “We are delighted to once again achieve accreditation for the latest G-Cloud framework. It will offer our NHS customers a more cost and time effective route to procure digital cloud services such as Flowz, so we encourage any trust considering such investment decisions to use G-Cloud 10.”
Trusts can access the key services needed to successfully deploy an electronic patient record, including service configuration, benefits realisation, data migration, project management, software testing, and staff training.
G-Cloud 10 is the Crown Commercial Services procurement framework for cloud-based computer services. For more information please see: https://ccs-agreements.cabinetoffice.gov.uk/g-cloud-10
Is a local authority a ‘competent body’?
A query raised by a customer at our recent FUG event.. The response was interesting:
That was my view, we would clearly have some areas where this applies-I was quite surprised to hear another view and that there is some uncertainty- thanks!— JoBeer (@JoBeer99) May 8, 2018
More #GDPRubbish from an IT/infosec solution vendor - claiming that monitoring a network for infosec breaches makes you “fully compliant” with GDPR is not just borderline fraudulent and dreadfully irresponsible, it’s also moronically stupid— Miss IG Geek (@MissIG_Geek) March 21, 2018
The FUG (Flowz User Group)
In preparation of GDPR compliance date 25th May 2018, we held our 2nd quarterly FUG in early May to help customers get the most out of the system.
The meeting allowed our users to interact, and provide feedback on how they are managing the system. David Stone was the lead speaker at the event and covered topics including:
- The Latest 3.1 Releases
- Product Roadmap
- Community Forum
- And much more
You can read more about how the FUG went here.
We will be holding our next FUG on Friday 14th September, once again in Friends House London. This will follow our next product release, version 3.2
If you are interested in attending, please click here to read more and fill out our online request for attending
The invites to the event, along with a detailed agenda will be emailed out soon.
Details of 3.2 Release
What is going to be appearing in V3.2:
- Entity Management (Asset, Flow and Person)
- Copy feature (Clipboard)
- Partial Edits based on User Role
- New Main Menu including account management / messaging
- Entity Management (Asset, Flow and Person)
- Custom and Conditional Attributes and Groups
- New-look Attributes for Modules; including help text on questions
- Asset Management
- Removal of the IAO/IAA dependency rule
- Assign Assets to hierarchies directly (rather than through their owners)
- Assign multiple Asset Administrators (support Delegated Approvers and Partial Edits)
- Person Management
- Improvements for SSO-enabled organisations
- Multiple notes for Person (similar to Assets and Flows)
- Organisation Management
- New pages (similar in layout to Assets, Flows etc.)
- New attributes for SSO-enabled organisations
- New Organisation Settings Collection
- Notifications and Messages
- Basic Event Driven System Notifications
- Attachments Management
- Additional attributes
- Additional Reports
Are you and partner organisations compliant to the new Data Protection legislation?
The Data Protection Act 2018 significantly increases an organisations obligations when processing personal data for legal enforcement purposes.
New requirements under Part 3 of the Data Protection Act 2018 outline new principles for the processing of personal data for legal enforcement purposes. Part 3 also subsumes into UK law the EU Law Enforcement Directive (LED). You will also need to consider if your organisation is a competent organisation or has a statutory duty it can rely upon.
GDPR has made some changes to how some sector organisations process personal or special category of data. Some requirements apply to all sectors, others specific to public/private sector
GDPR, Applied GDPR, and DPA 2018 Navigation
For the more geeky amongst us, May was an exciting month, with GDPR finally coming in to force, the Law Enforcement Directive, the repeal of the Data Protection Act 1998, getting the Data Protection Act 2018 at the last moment and myriad small changes hidden in the depths of the Byzantium complexity of the new law.
The Data Protection Act 2018 picks up the mantle of the Data Protection Act 1998 by being one of the worst constructed pieces of legislation on the statute books.
Working Party 29
Working Party 29 Position Paper released 19/4/2018: The Derogations from the Obligation to Maintain Records of Processing Activities Pursuant to Article 30(5) GDPR. Follow this link to view the Position Paper.
This high level explanation of the position paper may also be a useful summary: