We know that this is a big concern for schools, tutors and partners so, let us put your mind at rest, by reassuring you that EdPlace is fully compliant or exceeds all elements of GDPR legislation (www.edplace.com/GDPR_Compliance_Statement) and data security (www.edplace.com/privacy). All access to EdPlace is fully encrypted to guard against hackers or any data breaches, so you can be confident that we've got this covered.
Schools accessing assessments via API
We need to be able to generate a unique record for each student and require a first name and last initial to do this. We also require the student's current year group in order to be able to assign them an appropriate assessment. As all data sharing is managed and encrypted via API, each partner has the opportunity to manage and control any data sharing according to their exact specifications.
Schools accessing assessments manually
We never collect any identifying student data which is not required for our system (e.g. dates-of-birth) and need only a first name, last name and school year group. Partners, schools or tutors will upload this data to EdPlace themselves so EdPlace staff will never require access. If using the mass upload option, secure and non-identifiable usernames will be automatically created for students which is why we recommend this option. If students will be using and logging into EdPlace regularly, we recommend that the 'Require password change' option is selected (more on this process here).
Whichever option is used, it may be helpful to think of it like this - your school partners need to share information with you to access the NTP but EdPlace requires no new or additional information, plus only a fraction of the information you will collect needs to be shared with EdPlace, and no information which allows students to be personally identified.
At the end of each academic year, we produce our impact report (click here to download the most recent version) and NTP assessments summary (click here to review the most recent version). We will include anonymised data from NTP students within these reports but there will never be any identifying information used and EdPlace will not have access to this.
As with all data security, the greatest risk is represented by human errors like sharing details in a manner that is not secure, using passwords that are too simple, losing devices or sharing login details with others. We encourage all our partners, and every individual working for and with them, to give this thought and to become familiar with your company's internal data security policies, plus to be sure to share these with your partner schools and tutors.
We hope this article is helpful but please do not hesitate to get in contact if you have any further questions or need any support. To contact our friendly Customer Support Team, drop us an email at firstname.lastname@example.org.