Parish IT Systems and GDPR

for

AGM of Hampshire Association of Local Councils

21st March 2018

from

Chris Edge Managing Director

EDGE IT Systems Limited

chris@edgeITsystems.com

22nd  June  2017  

21st  March  2018  

Parish IT Systems & GDPR

What  ICT  requirements  does  your  Council  have  ?     Tick  all  required  

Allotments  

Agendas  and  minutes  

Asset  Management  

Data  Backup   ü  

Bookings  

Cemeteries  

Complaints  

Email  &  phone   ü  

Fax  

Finance   ü  

Job  Management  

Planning  

Timesheets  

Web  site  integraGon  

Word  Processing   ü  

GDPR  compliance   ü  

21st  March  2018  

40 Years of Milestones 1976 Apple I with Word Star word processor and VisiCalc spreadsheet

1981 IBM PC and PC-DOS

1985 Microsoft Windows v1 and Word v1, Lotus 1-2-3 spreadsheet

1989 Microsoft Office v1

1992 World Wide Web and 57 Kbps dial-up modems

1995  Microsoft Windows 95 and Office 95

1997  Google

2004 Broadband overtakes dial-up internet connections

2006 Google Docs

2010  Windows 7 and Office 2010

2015 Windows 10 and Office 2016

Parish IT Systems & GDPR

21st  March  2018  

Typical IT Hardware in 2018 Internet & Network •  Superfast broadband 30Mbps+, e.g. BT Infinity or Brighter Bills FTTC •  WiFi via broadband router •  WiFi extender for rooms too far away via electrical wiring •  Supplement WiFi with CAT 5E/6 network points and network switch •  Provide separate network for public WiFi via VLAN network switch Hardware •  Laptop with i7 processor, 8Gb+ RAM, 512Gb+ solid state drive (SSD) •  Photocopier/ printer/ scanner •  Phone calls via internet using combination of 3 VoIP options so that can answer and

make calls from office or elsewhere: •  VoIP handset … looks like a normal phone •  VoIP software on computer … requires headset •  VoIP app for mobile

Parish IT Systems & GDPR

21st  March  2018  

Typical Software in 2018 •  Each computer:

•  Microsoft Windows 10 •  Avast anti-virus (formerly AVG) •  MalwareBytes for web browser protection

•  Each officer uses Microsoft Office 365 Business Premium •  Email on computer, mobile, tablet … up to 5 devices •  Word, Excel, PowerPoint, Access •  1,000 Gb of storage per officer •  1,000 Gb of shared storage

•  Backupify for Office 365 •  Unlimited and indefinite backups

•  Councillor email via Microsoft Office 365 Exchange Plan

•  Specialist software …

Parish IT Systems & GDPR

21st  March  2018  

Specialist Software - Options

Parish IT Systems & GDPR

Op:ons   Descrip:on    

Examples  

1   Do  it  yourself   Use  Word,  Excel  and  Access  or  Google  Docs  

2   Commercial  soNware   Examples  include:    Sage  Cloud  Payroll  Sage  50  Cloud  Accounts  Quick  Books  

3   Specialist  soNware   AdvantEDGE  Epitaph  RBS  Scribe  2000  

4   Mixture  of  the  above  

21st  March  2018  

Specialist Software - History 1984  Scribe Software Initiative from NALC

1992-96 AdvantEDGE only product approved by NALC (initially known as Scribe LCA for DOS and then Co-WARE for Windows)

1996  New financial regulations

NALC closes approval scheme RBS Software Solutions enters sector with finance software

2007  EDGE launch cloud software for cemeteries & crematoria (Epitaph)

RBS software – change of ownership to Rialtas Business Solutions

2016  Scribe 2000 – change of ownership from original developer Rialtas – significant director buy out completed

Parish IT Systems & GDPR

Council  Size   Computer   Successor  

Scribe  5   Small   BBC  Micro  

Scribe  30   Medium   Amstrad  PCW   Scribe  2000  

Scribe  75   Large   IBM  PC   AdvantEDGE  

21st  March  2018  

GDPR

•  General Data Protection Regulation (GDPR)

•  25th May 2018

•  “Strengthen & unify data protection for individuals within the EU”

•  Information Commissioners Office (ICO)

GDPR Compliance

•  ICO compliance procedure … 12 steps to take

•  Data Protection Officer … who should this be ?

•  IT Systems … what is the best approach for compliance ?

Parish IT Systems & GDPR

21st  March  2018  

GDPR – Understand the IT Challenges •  Data security

•  Purging old records inline with GDPR retention policy

•  Councillors using private email addresses GDPR – Recommended IT Solutions •  Implement clean computer policy :

•  move documents and data into Cloud •  e.g. Office 365 or Google Docs

•  use software as a service (SaaS) products •  e.g. Office 365, AdvantEDGE, Epitaph, Sage Cloud Payroll

•  Use software with ability to purge old records

•  Provide council email mailbox for each councillor

Parish IT Systems & GDPR

21st  March  2018  

GDPR – What is required from a Cloud Provider ?

•  Contract

•  Service Level Agreement (SLA)

•  Data centre in UK, EU or 1 of 12 countries approved by an “EU adequacy decision” •  USA data centres

•  Problematic as reliant on a12 month, rolling agreement called the “EU-U.S. Privacy Shield” and previous agreement failed for 5 months in October 2015.

•  Why is it a problem if it fails ? The US National Security Agency (NSA) operate a policy of mass surveillance.

Parish IT Systems & GDPR

21st  March  2018  

GDPR – Is your Cloud provider GDPR compliant ? The following are GDPR compliant but they are not all equal.

Cloud  Provider   Data  Centres  

Comments  

Amazon  Web  Services   UK   Not  as  good  as  MicrosoN  

Drop  Box  Pro   UK   Only  compliant  if  Pro  version  &  specify  UK  data  centre  

EDGE   UK   Annual  penetraGon  test  of  data  centre  &  backup  data  centre  moving  to  MicrosoN  Azure  in  Q2  of  2018  

Google   UK   Not  as  good  as  MicrosoN  

Mail  Chimp   USA   Reliant  on  “EU-­‐U.S.  Privacy  Shield”  

Microshade   UK  

MicrosoN   UK   MicrosoN  are  leading  the  way  

Sage   UK  

Parish IT Systems & GDPR

21st  March  2018  Parish IT Systems & GDPR

Product   Cloud  Provider?  

Modules   Contract  Type  

Support  Contracts  

Include  Backups  

Escrow  &  data  

download  op:on  

Provide  database  and  read  only  access  aFer  contract  expired  

AdvantEDGE  &  Epitaph  

Yes   8   Rental   Monthly  and    1,  3  or  5  years  

Yes    

Daily  for  last  5  weeks,  last  4  quarter  ends,  last  3  year  ends  

Yes   Q3  2018  

RBS  *   No   6   Purchase   1  year   No   No   No    

Scribe  2000    

No   3   Purchase   1  year   No   No   Yes  

Specialist Software – which are cloud providers ?

* RBS can be hosted by Microshade for extra cost.

21st  March  2018  

Specialist Software – what is possible in the future ?

•  Live links to Council website •  Live links to digital noticeboards

•  Documents and pictures stored with relevant database records

•  Online bookings

•  Online searching of cemetery records

•  App for public to report problems

•  App for councillors to see approve invoice for payment and review invoice

Parish IT Systems & GDPR

21st  March  2018  

Parish IT System in 2018 – Recommendations Hardware •  Superfast broadband and WiFi •  Laptop with i7, 8Gb RAM, 512Gb SSD •  Photocopier/ printer/ scanner •  VoIP Software •  Windows 10, Office 365, Backupify •  Avast anti-virus, MalwareBytes •  Specialist parish software GDPR compliance •  Clean computer policy •  Move to the Cloud •  Use software as a service •  Provide email box for each Councillor

Parish IT Systems & GDPR

21st  March  2018  

Questions and

Answers

Parish IT Systems & GDPR