The General Data Protection Regulation, known as GDPR, went into effect on May 25, 2018. It is the most sweeping legislation in the last two decades focused on data security and privacy, and significantly updates, extends, and harmonises data protection legislation across the EU/EEA.
To read more about GDPR, please click here.
How is GDPR different from previous data protection laws?
Key areas of difference center on increased accountability for companies, greater access to personal data for individuals, and higher penalties for non-compliance.
GDPR explicitly lays out key rights of data subjects:
- right to be informed
- right of rectification
- right of erasure
- right to restrict processing
- right of data portability
- right to object
- right of access
These rights form the framework for interactions between the data subject, controller, and processor. While the controller (school) remains responsible for respecting these rights, the processor (us) may assist in accomplishing these tasks.
The penalties for non-compliance are not insubstantial. A school found in violation of GDPR may be assessed fines worth up to 4% of total annual revenue. The Information Commissioner’s Office (ICO) is responsible for enforcing GDPR and has a broad range of powers to do so.
Is Wigsbury GDPR-compliant?
Yes. Wigsbury has been designed from the start with personal data protection in mind, and we pride ourselves on offering schools, students, and parents the highest level of security.
Does Wigsbury process data outside the EEA? Is it allowed to process data outside the EEA?
GDPR does not forbid personal data from flowing outside the EEA, but expects that any data processing outside the EEA follows the same principles.
In addition, controllers or processors that process data outside the EEA must provide detailed information about the nature of the processing. In some cases, they must also allow customers or users to object to the processing.
Note that the European Commission has recognized Canada as a jurisdiction with ‘adequate’ data protection. To learn more, click here.
Does GDPR impact customers outside the EU?
Not legally. The EU, obviously, has no legislative power over other jurisdictions. GDPR does not offer any rights or freedoms to data subjects located outside the EU, and does not put obligations on non-EU customers that do not process data on EU/EEA data subjects.
However, Wigsbury offers, for the most part, the same services and same level of security to all our customers. In other words, no matter where your school is located, you will benefit from our approach to security of personal data under GDPR.