Yes, Seesaw is GDPR compliant.
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will go into effect in all EU Member States. The GDPR strengthens the rights that individuals have regarding personal data relating to them and creates consistent data protection rules across Europe.
An essential part of Seesaw’s mission is providing a service that keeps students safe and we are compliant with GDPR.
The principles of privacy by design and privacy by default outlined in the GDPR have been core to the Seesaw mission, experience and product development process from the beginning. We have a number of tools and options in place today to protect the integrity of teachers, students and families’ information globally.
These tools for control and transparency address many of the goals of the GDPR today and are outlined below, along with some additional updates we are making.
Tools for Control
In Seesaw today you can do the following to get information about, access, rectify or erase your personal data - all rights outlined in the GDPR.
- You can update your Seesaw account settings at any time to correct or complete your account information.
- Students can export their journals at any time from their Seesaw account.
- You can delete your Seesaw account at any time and we will permanently delete your account and all data associated with it within 60 days.
Additional tools that put you in control address the right outlined in the GDPR to object to how your data is being used:
- We provide tools to help teachers get parental consent to use Seesaw in their classrooms.
- Furthermore, we do not use personal data in any advertising and do not sell any user data.
Seesaw is also committed to transparent policies.
- Our longstanding Privacy Principles summarize our privacy commitments to you.
- If you have specific questions about particular data, you can contact firstname.lastname@example.org.
Beyond these existing practices, we are doing the following to meet additional needs of the GDPR:
- We reviewed our contracts with third party vendors to make sure that they are compliant with the GDPR.
- We delivered GDPR-focused security training to Seesaw employees.
- We strengthened our procedures for data subject access requests, deletion requests, and government access requests.
- We appointed a Data Protection Officer.
- We implemented a Data Protection Impact Assessment process.
Get more details about how Seesaw helps keep student data safe today here.
No, the GDPR does not require storage of personal data in the EU. The GDPR does have specific requirements regarding the transfer of data out of the EU, but these requirements are similar to existing EU law, which Seesaw complies with.
Privacy Shield is an agreement between the EU and US allowing for the transfer of personal data from the EU to US. Privacy Shield allows US companies to meet this requirement of the GDPR.
Seesaw complies with Privacy Shield regarding the collection, use and retention of personal information from European Union member countries. Seesaw has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, access, and enforcement and liability. You can learn more about the Privacy Shield program on their website, or view our certification page here.
Under GDPR you need to get parental consent to process personal data for children under the age of 16. Since we don't always have a direct relationship with famililes, we ask that teachers and schools do this either as part of a school wide consent that includes Seesaw, or through this sample consent form.