ParentPay and GDPR
Our responsibility to customers
ParentPay is working to meet the requirements of the GDPR legislation.
Our promise to customers and partners:
- We only manage data with agreement of the data controller
- We will use and continue to update safeguards around data handling
- Impose confidentiality requirements on its personnel
- Work to help the controller meet the rights of the data subjects.
For further detail and information on GDPR legislation - please visit the UK Information Commissioner's Office website
What ParentPay are already doing
Data processing with partners
ParentPay uses some 3rd party systems to fulfil our data processing duties; including hosting, texting, email, the storage and use of personal information handed to us by the school.
Schools are entitled to know which 3rd parties we use, and what data is being shared. ParentPay will assess its 3rd parties to ensure valid compliance with any changing legislation.
ParentPay will be revising our existing contracts with schools to reflect the requirements of the new legislation.
In the event of a data breach ParentPay will follow the Information Commissioner's Office guidelines
Questions about data we hold
ParentPay do not transfer data to countries outside of the EEA. The cloud providers that we work with guarantee data is only processed in the EEA, or that they explicitly abide by the regulation.
Please report your data protection related concerns to firstname.lastname@example.org
Security of data is essential. ParentPay uses best of class protection measures and carry out regular external audits to assess our security posture. Find out more
Helping your school demonstrate compliance
Under the data protection law, controllers (i.e. the schools) will need to demonstrate their compliance, which in turn means they need to assess the compliance of all of their service suppliers.
As a supplier of a service to schools, ParentPay expects to be scrutinised by its customers.
In order to make the task of vetting their suppliers easier and more focussed for schools, ParentPay has partnered with the UK trusted data experts GDPRiS (GDPR in Schools)
How GDPRiS can help your school
ParentPay have joined Capita, GroupCall and several other leading educational suppliers to work with GDPRiS.
School, local authority and MAT subscribers can use GDPRiS to streamline the school’s effort of achieving, demonstrating and retaining their compliance to GDPR.