Home News GVS Data Processing Obligations for GDPR
News Events Blog

GVS Data Processing Obligations for GDPR

Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on 25 May 2018. The GDPR affects European and non-European businesses using online solutions when their sites and apps are accessed by users in the European Economic Area (EEA). Today we are sharing more about our preparations for the GDPR - including updating our cooperation agreements with colleges, defining our internal and external processes, and technical changes to our products and services, to help both our partners, clients and GVS meet the new requirements.

Updated cooperation agreement

The cooperation agreements between Global Vocational Skills Ltd. and colleges have been updated with our Data Processing Obligations to reflect the new legal requirements of the GDPR. A new Addendum will supplement the contracts with Global Vocational Skills Ltd. and will come into force on 25 May 2018.

Defining our internal and external processes 

We have been reviewing the ways we collect, store, protect and dispose of personal data by all GVS teams:

  • The ways in which such data is handled have been verified against the legal requirements
  • The internal and external processes have been optimised and GVS staff have received appropriate training on information security, data protection and data encryption
  • Steps are being taken to minimise the processing of personal information
  • All our company internal and external documentation is being updated to reflect the security policies related to handling of various types of personal data

Technical changes 

To comply, and support your compliance with GDPR, we are putting in place appropriate IT security measures:

  • Introducing USB encryption and enhanced in-house IT infrastructure and cloud security 
  • Implementing SSL encryption of GVS PiLOT
  • Local network and GVS PiLOT penetration testing
  • Obtaining Data Protection Policy statements from outsourced developers who work on GVS projects
  • Securing cloud apps with admin access

To comply with the EU user consent policy, we are exploring what technical changes are necessary to allow us to obtain end users’ legally valid consent to:

  • The use of cookies or other local storage where legally required
  • The collection, sharing, and use of personal data for improvement of our future services

We are also working on how we:

  • Retain records of consent given by end users;
  • Provide end users with clear instructions for revocation of consent
  • Identify each party that may collect, receive, or use end users’ personal data as a result of your use of i-GVS products
  • Provide end users with prominent and easily accessible information about that party’s use of end users’ personal data 

Find out more

You can refer to our Legal page to learn more about Global Vocational Skills data protection and cookies policies and approach. If you have any questions about this update, please don't hesitate to reach out to your profile administrator or point of contact at GVS.