Hi everyone. The following article I have written is worth reading as it explains some new data protection standards that come into effect shortly. Online Camera Ed is pleased to report that we are all set ahead of the deadline for these standards to come into effect so read on for more details.
The General Data Protection Regulation (referred to as GDPR from here) comes into effect on the 25th May 2018. It is all about data governance and in our case that translates to where data is stored and how is it secured.
The GDPR applies to any business operating in the European Union and also any business having customers in the European Union. While Online Camera Ed is based in Australia we do have customers overseas plus we feel this regulation is a good one to secure data here in Australia so we have adopted the GDPR standards. In reality the GDPR is not too different from Australian Privacy Principles and the Australian Privacy Act (only stronger) which we already fully comply with.
Our ethos is always to be transparent in what we do so here is some explanation about GDPR and our systems we have in place.
Online Camera Ed has two main areas affected by the GDPR and they are payment management and student details management.
Before explaining the details please be aware that we never share any student information or payment information. Even things such as the use of a student image is only done after receiving written permission from the student to use it first.
Our status report is as follows:
Payments are managed for us by Paypal and Braintree which is also owned by Paypal. Online Camera Ed does not store credit card details at all but rather these are stored by Paypal and Braintree which is owned by Paypal. Paypal and Braintree which is owned by Paypal offer some of the most stringent data protection systems in the world and protection is at an extremely high level. We deliberately went with Paypal and Braintree which is owned by Paypal due to their security and the fact that we did not have to store personal credit card details on our system. No breaches of customer payment information have ever happened and we can report that world standard security systems are in place to manage this into the future as supplied by Paypal and Braintree which is owned by Paypal. So in summary all personal payment information is fully secured.
Student Details Management
The other area we manage is that of student information which is set up when someone enrols with us. Data captured is private and we do not ever share this with anyone. It does contain name, address, email address and phone number data and we treat the management of this as a high priority. No breaches of the security of this data have ever happened and we manage this in the following way:
Our web services provider is Newcastle based company Jezweb. Our web servers are also located in Australia and are GDPR compliant. The Online Camera Ed website has a software firewall in place to block malicious activity and the data centre uses hardware firewalls to help guard against attacks. So this provides a two tier firewall system and it is highly secured. All users protect their account by way of self defining their username and password. Passwords are not visible at any time to Online Camera Ed making them secure. Students are responsible for the security of their account by not sharing their username and password information. If in doubt contact us on firstname.lastname@example.org and request a password reset. We have never suffered a data breach.
Also forms used on our site also contain student agreement checkboxes just to record that you agree and are aware of the data protection strategies we use. This is a term of GDPR compliance.
Data Protection Officer
The final part of our GDPR policy is that we have appointed Brian Beitz as our data protection officer. Brian who is one of the business owners has intimate knowledge of all systems we use and is your point of contact if you would like to discuss any GDPR issues. He is best reached by email at email@example.com
Online Camera Ed has taken proactive steps to ensuring our compliance with GDPR ahead of schedule and this ultimately benefits all of our students knowing that we take the management of their private information very seriously.