Except where otherwise noted, content on this page is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International.
Word / sentence | Description |
Risk assessment / DPIA Process | Data Protection Risk and Impact Assessment process. Made In Edudata.io Compliance. The Draftsman manages the risk assessments and prepares drafts for Decision-makers. First, the Draftsman sends the app for Risk Assessment to Edudata.io's legal team and they give the recommendation whether the app is safe or not to use from a legal perspective. The DPO makes a draft for the Decision maker. |
Application Request | Request for an application to be used in education. |
Administrative tasks | The tasks which prepare for a decision. The administrative tasks are, for example, document creation, preparing decisions, communication, and process management. Often the DPO's responsibility. |
Awareness | Share the knowledge about Data Privacy in School with the students and employees. |
Data Privacy / Privacy | The right to protection of personal data in digital environments. Students have a right to a safe environment and the right to receive information on how their data is processed. |
GDPR Check | GDPR Risk and Impact Assessment made by Edudata.io's legal team |
DPO / Data Protection Officer | The role of the data protection officer (DPO) is to ensure that their organisation processes the personal data of its staff, customers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. |
Decision | Official decision to approve or decline a digital service. Made by the Decision Maker in Edudata Compliance. |
Edudata.io | The Privacy App for Students and The GDPR DPIA Service for Education. |
Record of Processing Activities (RoPA) | The RoPA provides detailed documentation of all data processing activities carried out by the organization in accordance with Article 30 of the GDPR. |
DPIA (Data Protection Impact Assessment) | The Assessment has been done for every used application. The assessment includes the analysis of the possible threats and risks in the system. |
Compliant | Organization fulfilling the requirements and following the applicable laws |
Data Protection Impact Assessment (DPIA) | Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. |
Data Protection Law | Laws on data privacy and data protection |
Data Processing Agreement (DPA) | Data Processing Agreement by art 28(3) of the GDPR. Includes the responsibilities and rights of the parties relating to the data processing. Also known as data processing addendum or shortened as a DPA. |
Registrar | Same as the Data Controller and is responsible for Data. Data controllers make the decisions to ensure a safe environment. With Edudata.io, this means schools and education providers. |
GDPR | GDPR is the General Data Protection Regulation. European Union regulation on data protection and privacy. Mandatory to follow in every EU member state. |
EU-US Data Privacy Framework | Data transfer agreement between the EU and the US. The EU Commission made an adequacy decision on the US to provide an equivalent level of data protection in the US. The adequacy decision applies only to companies that have certified to the Data Privacy Framework (DPF). |
Customer satisfaction and external communication | Customer refers to students and guardians. Customer satisfaction means transparent data processing in school and good management for employees. This also includes external communication for example software providers and Data Protection Authority. |
Data Controller | A data controller determines the purposes and means of processing personal data. In other words, the data controller decides how and why data is processed. |
Data Subject | The Data Subject is the person whose data is processed. Student in this context. |
Decision maker (in Edudata) | The decision maker makes the official decision whether the app can be used in Education or not. The decision maker is responsible for the decisions. The Decision maker is usually the head of education, but the role of Decision maker in Edudata may be delegated. |
Risk assessment recommendation | Edudata.io's legal team provides the risk assessment recommendation for the school. The legal team assesses possible risks and threats that have to be taken into account in the decision. |
Education provider | Includes schools, cities, municipalities, and other organizations that provide education. |
Edudata.io Privacy Webinars | The event for the customers is provided by Edudata.io's legal team. The latest development in the privacy field and latest updates in Edudata. Customers can use the information and increase awareness internally in the organization. |
EU General Data Protection Regulation (GDPR) | The General Data Protection Regulation (GDPR) is a regulation of the European Union, which aims to ensure that companies and organizations process personal data on legal grounds, and ensure the security, privacy and confidentiality of personal data. |
Data Protection Impact Assessment (DPIA) (Extensive) | An extensive data protection impact assessment must be carried out as set out in Art 35 of GDPR for every digital service where the conditions of Article 35 are met (for example, in case a student is profiled or when new technology is used in data processing). Such digital platforms include for example Google Workspace for Education, Microsoft 365/Office 365. The supervisory authority shall establish a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment. |
Privacy Lawyer | Edudata.io's legal specialist in GDPR and National Data Privacy Laws. They provide the risk assessment recommendations about the applications used in schools. Provides consultation and assistance to customers regarding DPIAs. |
Impact and risk assessments | The Assessment is mandatory for every application used in school. All processing activities need to be documented and assessed. The assessment includes the analysis of the possible threats and risks in the application that can affect the student. |
Leadership decisions & management | Refers to the Decisions concerning all the privacy matters in schools, such as decision to use or not to use applications, privacy team and roles, documents, yearly clock and so on. |
Privacy Framework | Edudata.io has simplified the Education Privacy Process for schools and made a clear framework. Schools get all their mandatory tasks done and the templates for the documentation. Schools can use the whole privacy framework or select the preferred parts and implement them in their school's processes. |
RACI table | Identifies and delegates the roles and responsibilities of individuals involved in data processing activities within the school. |
Data Subject request for information | The student and guardian have a right to see how the school processes students' personal data. The data subject can request information about the processing, for example, in which application their personal data is being processed. The school should answer in a month. |
Risk Assessment | Analysis of the possible risks and threats to data subjects' privacy rights. The Data Controller needs to ensure that all digital solutions employed in Education have been assessed and are suitable for the purpose. |
School Privacy Policy | The Privacy Policy informs the data subjects how and why the school processes student data. For example, what the purpose and basis are, what types of data are processed and how long the data is being processed. |
Yearly Clock / Annual Privacy Plan | Data Privacy is a continuous process. Assessments and documentation need to be updated. The yearly clock is the high-level plan for the year which shows what types of actions they need to do and when. |
Application | Application is a generic word that we use for all digital services. For example apps, websites, software and platforms. |
Edudata.io Privacy App | An app where students can view which services are approved for use in education, and can view which apps the student has logged into. The list provided by the app consists of approved school applications, the categories of personal data processed therein, the retention periods, and the organisation's decision concerning the use of the app. Other additional data may be available. |
Edudata.io Compliance | The GDPR DPIA management tool. Manage the whole process in one place. Every department in the school and city has its own view and process tool: teachers, draftsman, and Decision makers. |
Transfer Impact Assessment (TIA) | Assessment of a transfer of personal data to a third country not covered by a European Commission adequacy decision. |
Data Processor | An entity that processes personal data on behalf of and under the instructions of the data controller. Digital service providers act as the data processor as long as the parties have signed a Data Processing Agreement wherein it has been stipulated that the service provider acts as the processor. |
Data Subject Rights | Rights of the Data Subject as set out in Chapter III of the GDPR. Data Subjects (students) have the right to, for example, get information on how or what data about them is being processed. Data Subjects might not have the right to use all their rights depending on the legal basis for processing. |
Standard Contractual Clauses | Standard Contractual Clauses (SCC) approved by the EU Commission for data transfers between EU and non-EU countries. The purpose is to ensure appropriate data protection safeguards in transfers between the undertakings. The terms cannot be modified without the approval of a data protection authority. |
Adequacy decision | The EU Commission can determine whether a country outside the EU offers an adequate level of data protection. If a country has an adequacy decision, personal data can be transferred to that third country without any further safeguards being necessary and treated the same way as data transfer within the EU. There may be some exceptions, for example, US companies need to be certified to the Data Privacy Framework to base the transfer on the adequacy decision. |
Privacy team | The team who are responsible for the operative process around Privacy in School. It can be the work of the Data Protection Officer but delegated to different experts to handle. |
App Terminology | |
Word / sentence | Description |
Application | Any Application, website, tool, digital service which is used in Education |
Date added | Date when application has been added to the master application list or when the request has been made |
Status | Application status |
Date Processed | The last date when a customer has processed the request |
Request | Request made by customer user. User can request an application to be used in education. Request starts the process. Request > recommendation > draft decision > decision |
Recommendation | Edudata.io creates a recommendation based on the risk assessment. |
Partner recommendation | see: Recommendation |
Notification | System notification to user. Notifications are sent out by e-mail and can also be seen in the notification list under the notification bell in the upper right-hand corner. |
Decision | A decision made by the decision maker based on the draftsman's draft decision |
App status: Active | Application is active and visible for all users |
App status: Inactive | Application is not active and is not visible to users, unless application has request or decision pending or is approved. |
App status: Draft | Application is pending for Partner to verify the application content. |
App status: New | Application is pending for Partner to verify the application content. |
Master app | Common denominator for a single application, like a company or company product line. Usually groups different application platforms under a single app name. (Example: Adobe: Adobe Illustrator, Adobe Reader, Adobe Reader for iOS, Adobe Reader for Android, Adobe Photoshop...) |
Applications | List of applications. |
Date added | Date when application has been added to the master application list or when the request has been made |
Status | Application status |
Date Processed | Date when decision maker or draftsman has created a decision or draft. |
Decision valid until | Date when the application decision expires. |
Platform | Application distribution platform. For example, Website, Google Play, Apple store, etc. |
App Client Status | Customer specific application request status |
Request status: Expired | Application decision by customer has expired meaning the decision valid until date has been reached. |
Request status: Need a new decision | Application decision by customer is going to expire in less than 30 days, meaning the decision valid until date is less than 30 days. |
Request status: Approved | Application request is approved |
Request status: In Review | Application request is in request queue or is waiting for partner recommendation, draft or decision. |
App status: Approved | Application request has been approved by decision maker |
App status: Not approved | Application request has been declined by decision maker. |
App status: View By Partner | Application request has been approved in request queue by draftsman and is pending for partner to make a recommendation. |
App status: View By Draftsman | Application request has partner recommendation and is pending for Draftsman to make a draft. |
App status: Awaiting Decision | Application request has a draft decision created and is pending for decision. |
Decision status: Allowed | Recommendation, Draft and Decision status for positive decision |
Decision status: Not allowed | Recommendation, Draft and Decision status for negative decision |
TEACHER | Teacher has the rights to view the master application list and the organisation's approved applications list with end user instructions. |
TEACHER_PLUS | Same as teacher role, with the additional possibility to request new applications. |
DRAFTSMAN | A role in Edudata (For example the Data Protection Officer or similar) which processes application requests, requests Partner recommendations, prepares draft decisions for decision maker based on partner recommendation. |
DECISION_MAKER | Makes decisions on applications |
IT_ADMIN | Admin role for IT admins whose task is to keep up application approvals in M365 and Google Workspace or other SSO solutions. |
CUSTOMER_ADMIN | Admin role for managing end user access rights to Edudata.io |
DRAFT_AND_DECIDE | Combined Draftsman and Decision Maker roles |
Last Updates | The page which shows the latest updates and changes in the Edudata Compliance and Privacy App |
User Manual | Instructions about the use of Edudata for end users |
Draft | A decision draft created by the draftsman before the decision is made. |
Draftsman recommendation | see: Draft |
Background and reasoning | Specific background and reasoning for the recommendation. Text is shown to draftsmen and decision makers. |
Additional instructions for end users | Instructions which are shown alongside the decision text to end users. May be freeform text describing how the service can be used by the end users. Written by draftsman or decision maker. |
Yearly Cost of the platform | A yearly value which can be used to calculate the Total cost of all applications. |
Documents | Documents is a list of all attached documents (PDF, etc.) linked to the decision. Usually the DPA. |
Threats | Threat list for all known risks identified in the assessment. |
Mitigation | Mitigation is an action created to manage the threat. |
Risk Probability | Number value between 1–4 to measure the probability of each threat to cause harm, where 1 is low and 4 is high |
Risk Severity | Number value between 1–4 to measure the severity of each threat to the data subject, where 1 is low and 4 is significant |
Requests list [currently Requests] | List of requests pending for processing |
Requests hold | List of requests made by users waiting for the draftsman to approve/decline and send for Edudata.io risk assessment |
Requests waiting for approval in request hold | Edudata.io user application requests that are in the request hold, pending to be sent to Edudata.io |
Applications waiting for actions | Applications where requests are about to expire or have expired and require actions from the DPO. Applications Expired list |
Requests waiting for draft | Requests pending for Draftsman to create a draft for decision |
Requests waiting for decision | Requests pending for Decision maker to create an official decision |