The compliance of the 4Schools/Simple/Sosimple platform with the General Data Protection Regulation (GDPR).

Since its establishment, EPAFOS has treated personal data safety and data protection as a high priority, applying particularly strict rules of confidentiality assurance. Since 2015 our company has been certified by the international organisation TUV Hellas (EN ISO 27001 – Information Security Management).

At the same time, its cloud services work with Microsoft, which has an internationally certified centre for preventing security incidents on a 24-hour basis. All data are stored exclusively on Azure, which holds all safety certificates existing at an international level.

The 4Schools design offers a series of mechanisms and tools that safeguard the confidentiality of your data and provide classified access to information. These mechanisms give the manager of each application the flexibility to apply specific data classification and data access policies. In that way, the GDPR requirement that personal data be accessed only by fully authorised staff is met.

Of course, data protection in the EU is a long-term process, and the spirit of this regulation is to make us start protecting and respecting people’s personal data.


4Schools protection mechanisms allow compliance with GDPR

Encrypted database: The system database is encrypted and cannot be copied, as it does not exist locally on a computer of the educational institution.

Encrypted communication: Communication with the system and data transfer are fully encrypted.

System access through a pair of credentials (username/password): Every user has his/her own unique username and password for access to the application.

Definition of password lifespan – Level of password complexity: The password’s lifespan is defined in the application. Beyond that time the password is no longer valid (it is deactivated) and the user does not have access to the application.

Classified access to information and data: Every user has access only to data that concern his/her work.

Classified access to indexes and lists: Every user has access only to pre-determined indexes and lists.

Classified access to parents’ and students’ details: Fields and information can be made non-viewable for user groups.

Definition of user groups: Groups of users with the same access rights can be created.

Logging: Changes to personal data are logged, and this logging will be continually expanded in the future, so that you are aware of the activity of each user.

Right to mobility: Production of a printout or a document of any type containing all the personal and sensitive data of a natural person.

IP lock per user: Access to the application can be locked so that it is possible only from a specific IP address or from a range of addresses.

Users’ roles: Possibility to upgrade users of the application (according to the client’s needs), so that they can only view the information for which they have the respective authorisation. Prohibition of any type of processing (view, print, edit) of sensitive and personal data of natural persons by non-authorised users of the system.

Sensitive personal data: Sensitive personal data are prevented from being displayed on any report, based on the classification level of the user and the information.

Delete personal data: Possibility to completely delete the personal data of a user, apart from data whose retention is stipulated by law and by the rules of operation of the educational institute.

Cloud – Microsoft Azure

All 4Schools data, as well as all information entered by the educational institute, are stored in the Microsoft cloud, Azure.

Microsoft Azure is one of the most modern data centres on the planet and is trusted by thousands of organisations that manage especially critical and sensitive data, such as banks, governmental organisations, insurance companies, health organisations, telecommunication bodies etc.

Microsoft Azure offers unique protection against data loss. Everything is held in two different locations, with automatic redirection to the second location should something happen to the first one, without even a minor loss and with full redundancy of the hardware: there are multiple disks, memory modules, CPUs etc. At the same time, EPAFOS keeps a continuous hourly backup (24 different snapshots of your data every day) for 14 days.

The Microsoft Azure platform provides data safety and protection, data transparency and sovereignty by applying the Security Development Lifecycle (SDL) from the initial design until the provision of a solution.


GDPR is also a chance for every educational organisation

We, at EPAFOS, believe that the new regulation on personal data protection may at first be a hassle, but can also prompt modernising changes in the way in which educational units operate. The use of a modern IT system fully compatible with the new reality improves everyday business life and safeguards the desired levels of compliance with the requirements and obligations set by the new regulation.

It is also important to note that the use of 4Schools not only helps the educational organisation comply with the GDPR, but also offers possibilities and characteristics that allow it to operate according to the standards of today’s digital era and meet students’ and parents’ expectations.