Flowz Newsletter – September 2018

Article 30 (Records of Processing)

What the law states…

Organisations over 250 staff have to document all processing. Exemptions do apply to Small or Medium sized organisation with less than 250 staff, however, if they process the following they need to comply and document down within record of processing:

  1. Processing activities which are not occasional or
  2. Could result in high risk to the rights and freedoms of data subjects or
  3. Involve processing of special categories of data or criminal convictions and offence data


An article in the National Law Review says, working party confirms that employers of all sizes must maintain Article 30 Records of Processing for Human Resource data.

Click here to read more on this

G-Cloud 10 Success

Flowz has successfully been listed on G-Cloud 10, making its SaaS-based Product and services available to NHS Trusts via the latest iteration of government’s procurement framework.

Mark Jones, Managing Director, Flowz said “We are delighted to once again achieve accreditation for the latest G-Cloud framework. It will offer our NHS customers a more cost and time effective route to procure digital cloud services such as Flowz, so we encourage any trust considering such investment decisions to use G-Cloud 10.”

Trusts can access the key services needed to successfully deploy an electronic patient record, including service configuration, benefits realisation, data migration, project management, software testing, and staff training.

G-Cloud 10 is the Crown Commercial Services procurement framework for cloud-based computer services. For more information please see: https://ccs-agreements.cabinetoffice.gov.uk/g-cloud-10

Is a local authority a ‘competent body’?

A query raised by a customer at our recent FUG event.. The response was interesting:




The FUG (Flowz User Group)

In preparation of GDPR compliance date 25th May 2018, we held our 2nd quarterly FUG in early May to help customers get the most out of the system.

The meeting allowed our users to interact, and provide feedback on how they are managing the system.  David Stone was the lead speaker at the event and covered topics including:

  • The Latest 3.1 Releases
  • Training
  • Configuration
  • Product Roadmap
  • Community Forum
  • And much more

You can read more about how the FUG went here.

We will be holding our next FUG on Friday 14th September, once again in Friends House London.  This will follow our next product release, version 3.2

If you are interested in attending, please click here to read more and fill out our online request for attending

The invites to the event, along with a detailed agenda will be emailed out soon.

Details of 3.2 Release

What is going to be appearing in V3.2:

  • General
    • Entity Management (Asset, Flow and Person)
      • Copy feature (Clipboard)
      • Partial Edits based on User Role
    • New Main Menu including account management / messaging
  • Custom and Conditional Attributes and Groups
    • New-look Attributes for Modules; including help text on questions
  • Asset Management
    • Removal of the IAO/IAA dependency rule
    • Assign Assets to hierarchies directly (rather than through their owners)
    • Assign multiple Asset Administrators (support Delegated Approvers and Partial Edits)
  • Person Management
    • Improvements for SSO-enabled organisations
    • Multiple notes for Person (similar to Assets and Flows)
  • Organisation Management
    • New pages (similar in layout to Assets, Flows etc.)
    • New attributes for SSO-enabled organisations
    • New Organisation Settings Collection
  • Notifications and Messages
    • Basic Event Driven System Notifications
  • Attachments Management
  • Reports/Exports
    • Additional attributes
    • Additional Reports

Are you and partner organisations compliant to the new Data Protection legislation?

The Data Protection Act 2018 significantly increases an organisations obligations when processing personal data for legal enforcement purposes.

New requirements under Part 3 of the Data Protection Act 2018 outline new principles for the processing of personal data for legal enforcement purposes.  Part 3 also subsumes into UK law the EU Law Enforcement Directive (LED).  You will also need to consider if your organisation is a competent organisation or has a statutory duty it can rely upon.

Click here to read more

GDPR Changes

GDPR has made some changes to how some sector organisations process personal or special category of data. Some requirements apply to all sectors, others specific to public/private sector

Click here to read more

GDPR, Applied GDPR, and DPA 2018 Navigation

For the more geeky amongst us, May was an exciting month, with GDPR finally coming in to force, the Law Enforcement Directive, the repeal of the Data Protection Act 1998, getting the Data Protection Act 2018 at the last moment and myriad small changes hidden in the depths of the Byzantium complexity of the new law.

The Data Protection Act 2018 picks up the mantle of the Data Protection Act 1998 by being one of the worst constructed pieces of legislation on the statute books.

Click here to read more

Working Party 29

Working Party 29 Position Paper released 19/4/2018: The Derogations from the Obligation to Maintain Records of Processing Activities Pursuant to Article 30(5) GDPR. Follow this link to view the Position Paper.


This high level explanation of the position paper may also be a useful summary:


Click here to see what guidance has been published