Data Protection and GDPR

What is GDPR?

On May 25th, 2018, the General Data Protection Regulation (GDPR) (EU) 2016/679 came into force. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and is intended to unify the policies and strengthen the safety and security of all data held within an organisation.

This legislation replaced the Data Protection Act (DPA) and is considered the most significant data protection legislation of the last 20 years. There is a plethora of information about the new legislation available online. The Information Commissioner’s Office (ICO) provides a good starting point with its Overview of GDPR.

Data Controllers and Data Processors

The data controller is the person or organisation that determines what data is extracted, what purpose it is used for and who is allowed to process the data. GDPR increases the responsibility Examflicks must inform pupils and parents about how their data is being used and by whom. Examflicks is the data processor of parent, and pupil data when this data has been uploaded. This is data we are trusted with but do not control.

Examflicks is the data controller of parent and pupil data that has been uploaded and managed by parents directly onto the Examflicks platform.

How we comply with GDPR

    • Cloud Hosted
      We are fully hosted in the cloud in servers based within the EEA.

    • Data Managed in EEА
      We store, process, and manage all personal data within the EEA.

    • No Third Parties
      We do not share any personal data with third parties.

    • Bank Level Encryption
      We encrypt your data in Transit and At Rest using bank-grade 256-bit SSL.

    • Permission-based Access
      Examflicks have full control over which users have access to which data.

    • Secure logins
      Every user has secure logins with automatic logouts after periods of inactivity.

    • Easily retrievable data
      Parents can easily download all data that Examflicks holds about their child.

    • Permanent deletion of data
      All users can make subject access and/or right to be forgotten requests by contacting [email protected]

    • Sanitised data
      All pupil data is sanitised before use by internal staff for data analysis and machine learning.


Make your school dreams a reality

Join our programme today

    Your Basket
    Your basket is emptyReturn to Pricing page