Suppliers & Systems
Our Suppliers area offers a comprehensive list of suppliers and their products, with instant mapping. As part of our product mapping process GDPRiS stores information on the standard data processed by each supplier. GDPRiS goes a step further by capturing the legal basis for processing, retention information and how the rights of the data subject are met.
Our Suppliers area forms an integral part of demonstrating your compliance under GDPR.
Which Suppliers should be added to your GDPRiS portal ?
Confusion may arise to which of the hundreds of suppliers used by a school should become part of a data audit and thus be added to GDPRiS.
Not every supplier/system needs to be added into GDPRiS, only the ones where the school is the principal or shared data controller.
Here are some examples:
A book supplier asks the person ordering the books for their name, phone number and email address. The book supplier is the data controller and is responsible to keep your data safe and you have all the rights to ensure it is safe and correctly managed. However, this supplier would not be part of your audit.
THIS SUPPLIER WOULD NOT BE ADDED TO GDPRiS
A book supplier has an area online where a teacher can test their students on the content of their books. The teacher uploads student names and student’s login in to do the tests. Here is an example where the supplier is processing data for the data controller (the school).
THIS SUPPLIER WOULD BE ADDED TO GDPRiS
This document provides a process overview of RoPA formally known as Suppliers and Local Products.
RoPA (Records of Processing Activities) is a replacement of the previous Suppliers/Systems/Local Products and My Products sections. The reason this replacement has come to be is to provide a more comprehensive, user friendly feature which schools and DPO’s can use to manage their supplier subscriptions.
Your List of Subscriptions
Your list of supplier subscriptions can be found in the RoPA and DPIAs section which can be accessed via the navigation menu. The first page within RoPA and DPIAs contains the list of your existing national supplier subscriptions. If you do not yet have any suppliers listed, you can add them via the “+ Add System” button where you will be able to search, review, run a DPIA or subscribe to a supplier(s)/system(s).
As you can see from the screen shot below, RoPA lists your supplier subscriptions along with their relevant systems.
Overview, Edit, Remove and DPIA functions are available on the right-hand side of each system.
Overview – The RoPA Card
The overview is as it states, an overview of the system you are currently subscribed to. This gives you a quick look at the system without having to go into the system to see all the in-depth information.
Edit Existing Subscription
You can edit existing subscriptions via the edit pencil icon found on the right-hand side of the page. This will take you to a page where you can go into each section of the system and make changes from the provided defaults to your tailored requirements. Each section has a “Show Help” button which shows useful information to help you.
Generate Screening Questions and DPIAs (Compact or Full)
DPIA’s (Data Protection Impact Assessments) can be run from either your current list of Supplier/Systems or via the Add System pages. Our DPIA feature provides 27 options for running an assessment ranging from Screening Questions to Safeguarding.
Click on “DPIA” in either of the provided sections and then select the type of impact assessment you would like to run and then click “Generate”. This will bring up a popup window letting you know that you will receive an email telling you where the impact assessment has been saved.
Subscribe to New Suppliers/Systems
Subscribe to New National Supplier(s)/System(s)
To add new suppliers or systems, click on “+ Add System” in the top right-hand corner or the screen. You will be taken to a blank page where you can search for the supplier or system of your choosing via the provided search box. The search will update as you type out the name of the supplier or system.
When you have searched for the supplier or system, you can click on the system name to review the system so that you can make an informed decision as to if you are happy subscribing to said system. On the search page you are also given the option to run a DPIA (Data Protection Impact Assessment) to help you identify and minimise the data protection risks to your school.
When you click on a systems name to review it, you will be taken to a screen where you can review the following sections of the system before subscribing to it:
- Data Subjects
- Data Fields – takes you to another page to review each field
- Subscription Visibility
It is important that you review the system carefully by going into each of the sections before subscribing to them. You can also at this point add in relevant information so that it is then saved when you click “subscribe”.
Create New Local or National Supplier(s)/System(s)
RoPA incorporates Local Systems into the same area as the national suppliers so that all suppliers are together in one place.
To create a new local or national supplier/system, click on “RoPA and DPIA’s” and then “RoPA” on the left-hand navigation menu.
Click on “+ Add System” – this will take you to the page where you can search for and add national suppliers/systems.
Click on “+ Create System” again which will present you with the sections for you to start adding your local and national supplier/system.
You can click on the “+” to expand each section to add in the relevant information for your new system. You can click on “Show Help” to show helpful information for each section to help you make decisions on what information needs to be added to each section.
Once you’ve gone through each section for creating your new local supplier/system, you can click “Create” and you will then see your supplier with your other subscribed suppliers/systems.
From either the RoPA or Add System page, you will be able to make changes to the system defaults or the settings you changed when you subscribed to the system.
The systems default settings are available for you to view via “+ Display Defaults” in each section. If you have made changes to a system and need to restore its defaults, you can do this by clicking on “Restore Defaults”.