GDPR

Understanding GDPR and IRIS Invigilation

What is GDPR?

The General Data Protection Regulation (GDPR) is recognized as the world’s most stringent privacy and security law. Although established by the European Union (EU), GDPR applies to any organization—regardless of location—that processes or targets the personal data of individuals within the EU. Our goal is to help our customers comply with GDPR requirements and ensure that test-takers are informed about their data rights.

Our Role Under GDPR

GDPR defines two primary roles:

  • Data Controller: Determines the purpose and methods of processing personal data.
  • Data Processor: Processes personal data on behalf of the controller, following their instructions.

IRIS Invigilation acts as a data processor.
We process data on behalf of our clients (the data controllers). The data controller specifies what information is required from the exam-taker, and IRIS Invigilation collects and processes this data strictly according to their instructions.

Our Commitment to Privacy and Data Protection

Protecting your privacy and personal data is our top priority. We adhere to global data protection laws and are committed to transparency for everyone who interacts with our services—from website visitors to educators and test-takers. We clearly explain:

  • What information we collect
  • How we use it
  • When it may be shared
  • The rights and protections available under applicable privacy laws

For more details about our approach to security and data protection, please visit https://www.irisinvigilation.com/privacy-policy/

How We Ensure GDPR Compliance

We take several key steps to maintain GDPR compliance:

  • Continuous Monitoring and Policy Updates:
    We regularly review and update our data protection policies and procedures to align with GDPR and other relevant laws.
  • Robust Security Measures:
    We implement strong information security protocols to protect personal data from unauthorized access, alteration, disclosure, or destruction.
  • Legal Basis and Record Keeping:
    All data processing activities are reviewed to ensure a valid legal basis, and we maintain detailed records as required by GDPR (Article 30) and other regulations.
  • Data Minimization and Storage Limitation:
    We only collect what is necessary, store it securely, and ensure its ethical and compliant destruction when no longer needed.
  • Clear Privacy Policy:
    Our Privacy Policy explains why we collect personal data, how it’s used, individuals’ rights, and the safeguards in place.
  • Third-Party Processor Agreements:
    Any third parties processing data on our behalf are subject to strict processor agreements and due diligence to ensure GDPR compliance, including high-level encryption and protection for sensitive data.
  • Incident Response:
    We have clear procedures for identifying, assessing, investigating, and reporting personal data breaches promptly. All employees are trained on these protocols.
  • Dedicated Data Privacy Officer:
    Our Data Privacy Officer oversees compliance with GDPR and other data protection laws, ensuring that our policies and practices meet the highest standards.