What is GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018.

To read more about GDPR, please read this article

Who is subject to GDPR?

Individuals, organisations and companies that control or process personal data are subject to GDPR. There are three different areas:

  • Data Subjects (pupils, families and school employees or other people you collect data on)
  • Data Controllers (your school)
  • Data Processors (i2s.app)

As a data processor, we do not decide the purpose or lawfulness of the data we process and store. We are trustees acting on our customers’ behalf. As data controllers, schools remain responsible for documenting and deciding which data is entered in our systems. However, GDPR does impose obligations on processors, and we will fully comply with these requirements.

Is i2s.app GDPR Compliant?

Yes, i2s.app has been built with security, privacy and personal data protection as core design aims.

We are registered with the Information Commissioner's Office and, as a part of our commitment to privacy, i2s.app provides:

  • Organisational and technical security for our services
  • Assistance with documentation to demonstrate compliance and keep our clients informed
  • Data Processing agreements that comply with GDPR
  • Support if your users exercise their data subject rights

What measures does i2s.app take to secure my data?

Our standard security includes:

  • Physical Security: Our infrastructure providers are certified and compliant with GDPR
  • Network Security: DDoS protection
  • Server Security: Certificate-based access, server firewall
  • Organisational Security: Access policies, audit logs and contractual agreements
  • Application Security: A+ rated SSL certificate, industry-standard password hashing, application-level protection against attacks
  • Design Security: All services controlled via security groups, client-side protections to prevent reverse engineering, two-factor authentication
  • Procedural Security: IT processes to minimise risk and policies for data processing

When does i2s.app delete personal data?

i2s.app deletes personal data automatically depending on your setup. All people no longer on roll will be removed after a configurable time.

i2s.app will also delete the server at the end of the contract, which will remove all personal data stored. All backups retained by the customer should also be removed.

If our customers request support with deleting personal data, i2s.app staff will assist.

Does i2s.app send data to third parties?

No, unless we receive instruction from our customers or have a legal obligation to do so.

However, with the available APIs or integrations with other services, you may be sending personal data to your other providers. You will need to have policies in place to make sure they adhere to data protection regulations.

Can I host in the EU?

Yes, our data center providers have EU data centers. All data will be stored on your server; however, any third-party integrations may have their servers outside the EU. All third-party integrations are clearly marked so your internal policies can be applied.

Further Questions about privacy regulations?

For GDPR and other regulations, please contact us at dpo@i2s.app.
For general support, please see the client account resources.
