Parish IT Systems and GDPR
for
AGM of Hampshire Association of Local Councils
21st March 2018
from
Chris Edge Managing Director
EDGE IT Systems Limited
21st March 2018
Parish IT Systems & GDPR
What ICT requirements does your Council have ? Tick all required
Allotments
Agendas and minutes
Asset Management
Data Backup ü
Bookings
Cemeteries
Complaints
Email & phone ü
Fax
Finance ü
Job Management
Planning
Timesheets
Web site integraGon
Word Processing ü
GDPR compliance ü
21st March 2018
40 Years of Milestones 1976 Apple I with Word Star word processor and VisiCalc spreadsheet
1981 IBM PC and PC-DOS
1985 Microsoft Windows v1 and Word v1, Lotus 1-2-3 spreadsheet
1989 Microsoft Office v1
1992 World Wide Web and 57 Kbps dial-up modems
1995 Microsoft Windows 95 and Office 95
1997 Google
2004 Broadband overtakes dial-up internet connections
2006 Google Docs
2010 Windows 7 and Office 2010
2015 Windows 10 and Office 2016
Parish IT Systems & GDPR
21st March 2018
Typical IT Hardware in 2018 Internet & Network • Superfast broadband 30Mbps+, e.g. BT Infinity or Brighter Bills FTTC • WiFi via broadband router • WiFi extender for rooms too far away via electrical wiring • Supplement WiFi with CAT 5E/6 network points and network switch • Provide separate network for public WiFi via VLAN network switch Hardware • Laptop with i7 processor, 8Gb+ RAM, 512Gb+ solid state drive (SSD) • Photocopier/ printer/ scanner • Phone calls via internet using combination of 3 VoIP options so that can answer and
make calls from office or elsewhere: • VoIP handset … looks like a normal phone • VoIP software on computer … requires headset • VoIP app for mobile
Parish IT Systems & GDPR
21st March 2018
Typical Software in 2018 • Each computer:
• Microsoft Windows 10 • Avast anti-virus (formerly AVG) • MalwareBytes for web browser protection
• Each officer uses Microsoft Office 365 Business Premium • Email on computer, mobile, tablet … up to 5 devices • Word, Excel, PowerPoint, Access • 1,000 Gb of storage per officer • 1,000 Gb of shared storage
• Backupify for Office 365 • Unlimited and indefinite backups
• Councillor email via Microsoft Office 365 Exchange Plan
• Specialist software …
Parish IT Systems & GDPR
21st March 2018
Specialist Software - Options
Parish IT Systems & GDPR
Op:ons Descrip:on
Examples
1 Do it yourself Use Word, Excel and Access or Google Docs
2 Commercial soNware Examples include: Sage Cloud Payroll Sage 50 Cloud Accounts Quick Books
3 Specialist soNware AdvantEDGE Epitaph RBS Scribe 2000
4 Mixture of the above
21st March 2018
Specialist Software - History 1984 Scribe Software Initiative from NALC
1992-96 AdvantEDGE only product approved by NALC (initially known as Scribe LCA for DOS and then Co-WARE for Windows)
1996 New financial regulations
NALC closes approval scheme RBS Software Solutions enters sector with finance software
2007 EDGE launch cloud software for cemeteries & crematoria (Epitaph)
RBS software – change of ownership to Rialtas Business Solutions
2016 Scribe 2000 – change of ownership from original developer Rialtas – significant director buy out completed
Parish IT Systems & GDPR
Council Size Computer Successor
Scribe 5 Small BBC Micro
Scribe 30 Medium Amstrad PCW Scribe 2000
Scribe 75 Large IBM PC AdvantEDGE
21st March 2018
GDPR
• General Data Protection Regulation (GDPR)
• 25th May 2018
• “Strengthen & unify data protection for individuals within the EU”
• Information Commissioners Office (ICO)
GDPR Compliance
• ICO compliance procedure … 12 steps to take
• Data Protection Officer … who should this be ?
• IT Systems … what is the best approach for compliance ?
Parish IT Systems & GDPR
21st March 2018
GDPR – Understand the IT Challenges • Data security
• Purging old records inline with GDPR retention policy
• Councillors using private email addresses GDPR – Recommended IT Solutions • Implement clean computer policy :
• move documents and data into Cloud • e.g. Office 365 or Google Docs
• use software as a service (SaaS) products • e.g. Office 365, AdvantEDGE, Epitaph, Sage Cloud Payroll
• Use software with ability to purge old records
• Provide council email mailbox for each councillor
Parish IT Systems & GDPR
21st March 2018
GDPR – What is required from a Cloud Provider ?
• Contract
• Service Level Agreement (SLA)
• Data centre in UK, EU or 1 of 12 countries approved by an “EU adequacy decision” • USA data centres
• Problematic as reliant on a12 month, rolling agreement called the “EU-U.S. Privacy Shield” and previous agreement failed for 5 months in October 2015.
• Why is it a problem if it fails ? The US National Security Agency (NSA) operate a policy of mass surveillance.
Parish IT Systems & GDPR
21st March 2018
GDPR – Is your Cloud provider GDPR compliant ? The following are GDPR compliant but they are not all equal.
Cloud Provider Data Centres
Comments
Amazon Web Services UK Not as good as MicrosoN
Drop Box Pro UK Only compliant if Pro version & specify UK data centre
EDGE UK Annual penetraGon test of data centre & backup data centre moving to MicrosoN Azure in Q2 of 2018
Google UK Not as good as MicrosoN
Mail Chimp USA Reliant on “EU-‐U.S. Privacy Shield”
Microshade UK
MicrosoN UK MicrosoN are leading the way
Sage UK
Parish IT Systems & GDPR
21st March 2018 Parish IT Systems & GDPR
Product Cloud Provider?
Modules Contract Type
Support Contracts
Include Backups
Escrow & data
download op:on
Provide database and read only access aFer contract expired
AdvantEDGE & Epitaph
Yes 8 Rental Monthly and 1, 3 or 5 years
Yes
Daily for last 5 weeks, last 4 quarter ends, last 3 year ends
Yes Q3 2018
RBS * No 6 Purchase 1 year No No No
Scribe 2000
No 3 Purchase 1 year No No Yes
Specialist Software – which are cloud providers ?
* RBS can be hosted by Microshade for extra cost.
21st March 2018
Specialist Software – what is possible in the future ?
• Live links to Council website • Live links to digital noticeboards
• Documents and pictures stored with relevant database records
• Online bookings
• Online searching of cemetery records
• App for public to report problems
• App for councillors to see approve invoice for payment and review invoice
Parish IT Systems & GDPR
21st March 2018
Parish IT System in 2018 – Recommendations Hardware • Superfast broadband and WiFi • Laptop with i7, 8Gb RAM, 512Gb SSD • Photocopier/ printer/ scanner • VoIP Software • Windows 10, Office 365, Backupify • Avast anti-virus, MalwareBytes • Specialist parish software GDPR compliance • Clean computer policy • Move to the Cloud • Use software as a service • Provide email box for each Councillor
Parish IT Systems & GDPR