Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA):

The educational establishments who wish to commission the EDClass SaaS can send the relevant questionnaire and due diligence checks to the EDClass DPO, all relevant information, certificates and narrative will be submitted. 

To help any establishment with this process EDClass has not only conducted its own DPIA (available on request), but external organisations have also audited and published a DPIA of the EDClass SaaS. 

Age appropriate design: a code of practice for online services

  1. Best interests of the child: EDClass Ltd operates a fully safeguarding online alternative provision for children and young people (CYP) who cannot attend provision settings. The content delivered to CYP is of recognised educational standard created and taught by experienced UK qualified teachers who all possess a professional QTS number.
  2. Data protection impact assessments: DPIA has been conducted by an external auditor and is available on their website Wonde Documentation
  3. Age appropriate application: Schools commission the use of the EDClass platform, and in doing so ensure all compliance documentation has been rigorously checked and due diligence has been taken.
  4. Transparency: All activity and interaction completed within the platform by CYP is recorded and shared with authorised colleagues within the school or academy setting.
  5. Detrimental use of data: CYP data is used for identification and safeguarding procedures. EDClass teaching colleagues need to ensure that the correct CYP is accessing the correct educational materials, at the correct time with the correct ability in the best possible safeguarded way.
  6. Policies and community standards: 
    1. Click here to view all policies
    2. EDClass Ltd 9001 CQ Certificate
    3. EDClass Ltd 21001 CQ Certificate
    4. Cyber Essentials Certificate
    5. DPA and GDPR policy
  7. Default settings: Privacy levels are set by the end users and the internet browsers they use. EDClass ltd has no involvement with these settings. Reminders and knowledge banks are in place to show CYP and other individuals how to do so.
  8. Data minimisation: Collect and retain only the minimum amount of personal data you need to provide the elements of your service in which a child is actively and knowingly engaged.
  9. Data sharing: Data is not shared with any other party except for the school in which that CYP is enrolled with.
  10. Geolocation: Geolocation is switched off. Techniques of geo-mapping are required for the robust safeguarding measures EDClass Ltd adopts for all CYP using the platform in any location which is not the school or academy setting. This is to ensure a CYP is accessing the platform from a location that has been deemed safe and well by authorised personnel from the school/ academy. Alerts to the school/ academy are triggered when a CYP is accessing the platform from a different location.
  11. Parental controls: Parents can gain access to see how their CYP is progressing through the educational content. It is the teaching colleagues from the school or academy who can adapt, edit and change any of the data in response to any school/ academy protocols.
  12. Profiling: Profiling is switched off. Only content required for KCSIE 2023 and safeguarding processes for CYP accounts within the EDClass platform.
  13. Nudge techniques: No nudge techniques are ever required by the EDClass platform.
  14. Connected toys and devices: Not Applicable
  15. Online tools: CYP liaise with their own school /academy if help is needed or if they are unsure of certain tasks. CYP have different methods to contact the EDClass colleagues via either: internal text chat, internal voice communicators or video conferencing built by and into the EDClass platform.