Suppliers & Products
Our Suppliers area offers a comprehensive list of suppliers and their products, with instant mapping. As part of our product mapping process GDPRiS stores information on the standard data processed by each supplier. GDPRiS goes a step further by capturing the legal basis for processing, retention information and how the rights of the data subject are met.
Our Suppliers area forms an integral part of demonstrating your compliance under GDPR.
Which Suppliers should be added to the GDPRiS tool?
Confusion may arise to which of the hundreds of suppliers used by a school should become part of a data audit and thus be added to GDPRiS.
Every supplier does not need to be added into GDPRiS, only the ones where the school is the principal or shared data controller.
Here are some examples:
A book supplier asks the person ordering the books for their name, phone number and email address. The book supplier is the data controller and is responsible to keep your data safe and you have all the rights to ensure it is safe and correctly managed. However, this supplier would not be part of your audit.
THIS SUPPLIER WOULD NOT BE ADDED TO GDPRiS
A book supplier has an area online where a teacher can test their students on the content of their books. The teacher uploads student names and student’s login in to do the tests. Here is an example where the supplier is processing data for the data controller (the school).
THIS SUPPLIER WOULD BE ADDED TO GDPRiS
Navigate to the Suppliers and DPIAs area of the portal via the Supplier Management area on the navigation pane.
Find your Supplier
When you are in the Suppliers section, you should by default be on the Select Suppliers / Products tab.
Type the name of supplier required into the search area and press enter on your keyboard.
Selecting your products
Select your product by clicking or moving the slider next to the products you wish to select. The slider will change from black to turquoise.
Click Add Selected.
A popup window will appear confirming your product selection. Click OK to proceed.
Review your Data Maps
Click on Manage Suppliers / Products tab.
Click View compliance documentation to see documentation for the supplier.
Click Review / Customise.
Here you will be able to see the relevant field selections, leave these selections as they are unless you have a bespoke piece of software with that supplier.
Note: See Customise a Data Map document for instructions on altering an existing data map for a supplier.
Upload a Document to a Supplier
Documents relating to a specific supplier ie a Data Sharing Agreement or a DPIA can be uploaded to that supplier on the Suppliers and DPIAs page within the Manage Suppliers/Products tab.
Navigate to the Manage Suppliers/Products tab.
Find the Supplier/Product you require using the search function.
Click View compliance documentation.
Click Upload Document.
Choose Parent Folder from the drop-down menu i.e. the Supplier folder or the Product folder.
Browse for the file to be uploaded.
Fill in any details necessary.
Set staff permissions.
Assign your Users to a Supplier/Product
Select the Owners/Users tab.
Click Add Users.
A popup window will appear where you can select the users to be assigned.
Place a tick in the box next to the users which use the system and then click Save.
Note: If you have added your Users, you can click Show to review.
You can set the person responsible for the safety of the data stored in the system.
Select the Owners/Users tab.
Click Add Owner.
Enter the Product owner’s details and then click Save.
The new information will now be displayed.
Update a Supplier
Occasionally data maps are updated when we receive information from third-party suppliers to indicate that they have amended their GDPR compliance documentation.
When an update is available you will see Yes in the Update to data map available box when you look at the supplier in the Manage Suppliers / Products tab within the Suppliers and DPIAs section of the portal.
Click Review/ Customise.
The blue boxes with the ticks show the existing data.
The grey boxes show the updated data.
If you are sure you want to accept the update, click Accept Update.
This will move the ticks to the new data.
If you decide not to accept the new data click Remove Update.
Remove a Supplier
You have the option to Remove a Supplier/Product if you no longer use them.
Open the Review Suppliers/Products tab.
Click on Supplier you wish to unsubscribe from.
A popup window will appear asking you to confirm your decision. Click Yes to continue or Cancel.
A further popup window will appear stating that your Product will be removed in 24 hours. Click OK to continue.
You have the option to undo this action within the 24 hours.
Generate Screening Questions and DPIAs (Compact or Full)
Screening Questions and DPIAs may be generated by selecting the DPIA toggle in the Select Suppliers / Products tab next to the relevant Product.
By selecting Generate DPIA next to the relevant Product in the Manage Suppliers / Products tab next to the relevant Product.
A pop-up window will appear with a drop-down menu where you can choose Screening Questions, Compact or Full DPIA
A confirmation pop-up message will appear.
The selected document will then be generated in the View Compliance Documentation area on the Manage Suppliers/Products tab.
In the relevant folder within the Suppliers folder in the Documents and Training area of the portal.