Your data is safe with us. The General Data Protection Regulation (GDPR) comes into force on May 25th, and we’ve been working hard behind the scenes to make sure GCSEPod deals with your data safely and properly.
As a data processor, we have been reviewing and revising our processes as we work towards compliance with GDPR. You can find full details of this below (particularly in our sample data sharing agreements), but here’s some highlights for you:
- We are registered with the ICO: Z1442893
- All data is held within the EU (see 5.3.1 of the data sharing agreements)
- You retain full control over what bits of data we can access
- All data in transit is encrypted using SSL/TLS
- All data at rest will be encrypted in advance of May 25th
- All data is processed fairly for the purpose of running GCSEPod
- The data we take is minimised, so we only take the data we need to run GCSEPod (see Schedule 2 of the data sharing agreements)
- All personal data is returned or destroyed (your choice) at the end of your license – if we receive no instructions, we destroy it as standard after 3 months (see 5.3.7 of the data sharing agreements)
- Manual Upload Data Sharing Agreement
- MIS Intergration Data Sharing Agreement
- Groupcall’s GDPR statement
- Wonde’s GDPR statement
- Parent consent letters – please click on the images below to download
How To Videos
Groupcall – Data Sharing Authorisation
Wonde for schools
|“Attempting to ensure GDPR compliance with external service providers is a complex and challenging process within secondary schools. The general response we’ve received from external companies has been that they will be GDPR complaint by the enforcement date and will be in touch when they have more information.
GCSEPod on the other hand have proactively liaised with the school to ensure we are in the know and have everything we need. The updated data sharing agreement is clear and concise so that we the schools know where we stand. Excellent service as always from the GCSEPod team!”
Online Learning Coordinator / Online Safety Officer
North Huddersfield Trust School
& Holmfirth High School
GDPR is the ‘General Data Protection Regulation’ – a regulation created by the EU that will be passed into UK law separately. It’s very complicated, but in basic terms, it is a strengthening of individuals’ rights in terms of what can be done by whom to their personal data.
Do I have to do anything about it?
If you’re a parent, you don’t really need to worry about what you do. If you’re a school or an institution that holds personal data in any form, absolutely. You need to take steps to ensure the data you hold on people is secure and reasonable, and that the person in question is aware of what data you have on them for what purpose. You also need to ensure that any organisations you use to process (that is to say, interact with in any way) that data is up to scratch. Like us!
When’s it happening?
Technically, it’s already happening. Legally, it’s enforceable from the 25th May – many organisations are working right now to ensure they’re up to scratch before then, however.
So, what are you allowed and not allowed to do in principle?
Any personal data an organisation has is regulated – if you’re going to have the data, you need their explicit consent for it, and you need to tell them exactly what’s going to happen to it. You cannot do anything outside of what you said you were going to do – it’s all about consent.
So if a school wants to use GCSEPod, GCSEPod needs to ask every student for consent?
No. We don’t control the data, we process it on your behalf. If you use GCSEPod, it is your responsibility to gather the consent of any data you pass to us for processing. We’ll ask if you’ve gathered that consent, and only process the data if you confirm you have. Individuals must have the right to opt out.
Is there a document that lays out what you do with data in full?
Yes! It’s called a Data Sharing Agreement or a DSA, and you get one as part of the setup process. This FAQ is intended only as a primer before you read the more in depth version.
How and where is our data stored and what security used to ensure its safety
Dublin, Ireland. GDPR requires we keep it within the EU. Here’s some of our general security measures:
- access to administrative functions is restricted to authorised individuals in the office and operatives in specific remote locations through the firewall
- database access restricted to internal servers only with a proxy for remote management
- web traffic is transferred over HTTPS
- passwords are stored using one-way encryption
- Servers are kept up to date with the latest security fixes
How long is personal data kept?
At the end of your subscription, we can destroy or return the data at any time of your choosing. As standard, we anonymise data of all personal information after 3 months. This is to allow for any ongoing renewal discussions – we don’t want to delete data that’s going to be used again very soon!
How is the data destroyed when no longer needed?
All personal data is anonymised so that it’s completely impossible to tie an individual to any remaining data (like number of Pods watched). This renders it inert for GDPR’s purposes.
How do schools access the relevant data sharing agreements
Your data integration service (Wonde/XoD) displays the data sharing agreement during the setup process.
What data do we take (wonde and XOD)
We only take the data required for GCSEPod to run, mostly centred around identifying who is permitted to use which account. The full list of data we take is displayed on the data sharing agreement, which also outlines what we do with it.
What is your ICO registration number?
We'd love to hear from you 0191 338 7830
Want to know more?
“100% of our year 11 students achieved at least 5 GCSEs at grades A*-C.
82% achieved at least 5 GCSEs including Maths, English and/or Welsh at grades A*-C. An impressive 27% of grades were at A* or A compared to the national average of 19.4%.
We strongly believe that GCSEPod has played an important role in improving the outcomes for some of our pupils. Indeed, some of our top users exceeded their target grades in many areas and have now returned to the sixth form to continue their studies at A level.”
Diane Evans - Assistant Head Teacher,
Ysgol Uwchradd Aberteif
“There is a very clear correlation between the subjects with the most pronounced raises in attainment (English Literature, Chemistry, Biology and Physics) and those that had the highest GCSEPod usage.
In addition, the student with the highest GCSEPod usage was also our highest achiever.
Because there has so clearly been an impact on the departments that utilised GCSEPod effectively, we will be looking to increase the use of GCSEPod across the school in coming years.”
Andrew Ost - Deputy Head,
Fort Pitt Grammar School
“We’ve used GCSEPod for a year and the results speak for themselves!
Not only did we see a rise in headline measures across the board with our highest user of GCSEPod gaining 7A* – but the students and their parents love it!
It’s fun, user friendly, and easy to use in a variety of ways – on a mobile device, in school, at the heart of our mentoring and intervention strategies, for flipping learning, and to deliver positive engagement that parents can see. Plus we’ve only just scratched the surface!”
Dominic Howkins - Vice Principal,
Ormiston Sudbury Academy
Don’t just take our word for it. We’re very proud of the recognition we’ve gained over the years, and we’ve picked up many industry awards along the way. We’re constantly striving to get better at what we do so that our award-winning service provides exactly what you need.