ParentPay and GDPR


Our responsibility to customers

ParentPay is working to meet the requirements of the GDPR legislation.

Our promise to customers and partners: 

  • We only manage data with agreement of the data controller
  • We will use and continue to update safeguards around data handling 
  • Impose confidentiality requirements on its personnel
  • Work to help the controller meet the rights of the data subjects.

For further detail and information on GDPR legislation - please visit the UK Information Commissioner's Office website


What ParentPay are already doing

Data processing with partners 

ParentPay uses some 3rd party systems to fulfil our data processing duties; including hosting, texting, email, the storage and use of personal information handed to us by the school.

Schools are entitled to know which 3rd parties we use, and what data is being shared. ParentPay will assess its 3rd parties to ensure valid compliance with any changing legislation. 

Contractual changes

ParentPay will be revising our existing contracts with schools to reflect the requirements of the new legislation.

Breach notification

In the event of a data breach ParentPay will follow the Information Commissioner's Office guidelines

Questions about data we hold

ParentPay do not transfer data to countries outside of the EEA. The cloud providers that we work with guarantee data is only processed in the EEA, or that they explicitly abide by the regulation.

Please report your data protection related concerns to dataprotection@parentpay.com

Security

Security of data is essential. ParentPay uses best of class protection measures and carry out regular external audits to assess our security posture. Find out more


Helping your school demonstrate compliance

Under the data protection law, controllers (i.e. the schools) will need to demonstrate their compliance, which in turn means they need to assess the compliance of all of their service suppliers.

As a supplier of a service to schools, ParentPay expects to be scrutinised by its customers.

In order to make the task of vetting their suppliers easier and more focussed for schools, ParentPay has partnered with the UK trusted data experts GDPRiS (GDPR in Schools

How GDPRiS can help your school

ParentPay have joined Capita, GroupCall and several other leading educational suppliers to work with GDPRiS. 

School, local authority and MAT subscribers can use GDPRiS to streamline the school’s effort of achieving, demonstrating and retaining their compliance to GDPR.

Request more information about GDPRiS

Request more information about GDPRiS