Your data is safe with us. The General Data Protection Regulation (GDPR) comes into force on May 25th, and we’ve been working hard behind the scenes to make sure GCSEPod deals with your data safely and properly.
As a data processor, we have been reviewing and revising our processes as we work towards compliance with GDPR. You can find full details of this below (particularly in our sample data sharing agreements), but here’s some highlights for you:
- We are registered with the ICO: Z1442893
- All data is held within the EU (see 5.3.1 of the data sharing agreements)
- You retain full control over what bits of data we can access
- All data in transit is encrypted using SSL/TLS
- All data at rest will be encrypted in advance of May 25th
- All data is processed fairly for the purpose of running GCSEPod
- The data we take is minimised, so we only take the data we need to run GCSEPod (see Schedule 2 of the data sharing agreements)
- All personal data is returned or destroyed (your choice) at the end of your license – if we receive no instructions, we destroy it as standard after 6 months (see 5.3.7 of the data sharing agreements)
- Manual Upload Data Sharing Agreement
- MIS Intergration Data Sharing Agreement
- Groupcall’s GDPR statement
- Wonde’s GDPR statement
- Parent consent letters – please click on the images below to download
How To Videos
Groupcall – Data Sharing Authorisation
Wonde for schools
|“Attempting to ensure GDPR compliance with external service providers is a complex and challenging process within secondary schools. The general response we’ve received from external companies has been that they will be GDPR complaint by the enforcement date and will be in touch when they have more information.
GCSEPod on the other hand have proactively liaised with the school to ensure we are in the know and have everything we need. The updated data sharing agreement is clear and concise so that we the schools know where we stand. Excellent service as always from the GCSEPod team!”
Online Learning Coordinator / Online Safety Officer
North Huddersfield Trust School
& Holmfirth High School
GDPR is the ‘General Data Protection Regulation’ – a regulation created by the EU that will be passed into UK law separately. It’s very complicated, but in basic terms, it is a strengthening of individuals’ rights in terms of what can be done by whom to their personal data.
Do I have to do anything about it?
If you’re a parent, you don’t really need to worry about what you do. If you’re a school or an institution that holds personal data in any form, absolutely. You need to take steps to ensure the data you hold on people is secure and reasonable, and that the person in question is aware of what data you have on them for what purpose. You also need to ensure that any organisations you use to process (that is to say, interact with in any way) that data is up to scratch. Like us!
When’s it happening?
Technically, it’s already happening. Legally, it’s enforceable from the 25th May – many organisations are working right now to ensure they’re up to scratch before then, however.
So, what are you allowed and not allowed to do in principle?
Any personal data an organisation has is regulated – if you’re going to have the data, you need their explicit consent for it, and you need to tell them exactly what’s going to happen to it. You cannot do anything outside of what you said you were going to do – it’s all about consent.
So if a school wants to use GCSEPod, GCSEPod needs to ask every student for consent?
No. We don’t control the data, we process it on your behalf. If you use GCSEPod, it is your responsibility to gather the consent of any data you pass to us for processing. We’ll ask if you’ve gathered that consent, and only process the data if you confirm you have. Individuals must have the right to opt out.
Is there a document that lays out what you do with data in full?
Yes! It’s called a Data Sharing Agreement or a DSA, and you get one as part of the setup process. This FAQ is intended only as a primer before you read the more in depth version.
How and where is our data stored and what security used to ensure its safety
Dublin, Ireland. GDPR requires we keep it within the EU. Here’s some of our general security measures:
- access to administrative functions is restricted to authorised individuals in the office and operatives in specific remote locations through the firewall
- database access restricted to internal servers only with a proxy for remote management
- web traffic is transferred over HTTPS
- passwords are stored using one-way encryption
- Servers are kept up to date with the latest security fixes
How long is personal data kept?
At the end of your subscription, we can destroy or return the data at any time of your choosing. As standard, we anonymise data of all personal information after 3 months. This is to allow for any ongoing renewal discussions – we don’t want to delete data that’s going to be used again very soon!
How is the data destroyed when no longer needed?
All personal data is anonymised so that it’s completely impossible to tie an individual to any remaining data (like number of Pods watched). This renders it inert for GDPR’s purposes.
How do schools access the relevant data sharing agreements
Your data integration service (Wonde/XoD) displays the data sharing agreement during the setup process.
What data do we take (wonde and XOD)
We only take the data required for GCSEPod to run, mostly centred around identifying who is permitted to use which account. The full list of data we take is displayed on the data sharing agreement, which also outlines what we do with it.
What is your ICO registration number?
We'd love to hear from you 0191 338 7830
Want to know more?
“A real ‘no brainer’ – GCSEPod is a high quality resource for students which can be evidenced to have an impact on both progress and attainment for all ability levels. It represents extremely good value for money.”
Nick Howe, Assistant Head,
North Huddersfield Trust School
“GCSEPod is an extremely high quality, cost effective and user friendly resource that has had clear and measurable impact in our Academy. The support given by the GCSEPod team is fantastic in all areas. Whether on their own device, or in the classroom, the resource is high quality and ever-developing! I would thoroughly recommend it!”
Dominic Howkins, Vice Principal,
Ormiston Sudbury Academy
“Test Valley School initially subscribed to GCSEPod after securing some external funding. However, the impact has been so significant that we have now subscribed in our own right.”
Andrew Page, Deputy Headteacher,
Test Valley School
Don’t just take our word for it. We’re very proud of the recognition we’ve gained over the years, and we’ve picked up many industry awards along the way. We’re constantly striving to get better at what we do so that our award-winning service provides exactly what you need.