The General Data Protection Regulations (GDPR) builds on the existing Data Protection Act (DPA). GDPR came into force on May 2018. It affects all companies managing the personal data of European people.

Schools users must understand how GDPR affects them. They need to be responsible for obtaining parent consent to use our products, and managing any requests for data access, or requests to correct data. Many parents will be unaware Edval is being used to help schools manage their timetable. Requests and corrections must be directed to the school.

Edval is a data processor, not a controller. We don’t usually have direct relationship with parents or students, and where personal or contact details are loaded by the school into their Edval software, it’s the school who manages the relationship and communicates with these parents or students, and determines / controls how this data is used.

Edval is focused on ensuring continued compliance with the GDPR. We see it as logical and appropriate. While it applies by law only to Europe, our company has adopted these regulations globally, given we are active in many different countries such as Australia and USA.

We have identified various data fields necessary for timetabling and scheduling, of which there are very few ‘personal’ data fields. Many UK schools timetable with no student names, or personal details, other than teacher names & classes.

Edval manages limited personal data in Europe, E.g name, email contact, and timetable information (class times and rooms). A Subject Access Request (SAR) can be made to obtain this, but must be done directly through the school to ensure valid authority, and that the requester identity is confirmed.

Our current UK data protection certificate is here.