MyClassboard respects its users’ data privacy and security. We’ve proven our dedication by routinely exceeding industry standards. We will never collect or process personal data from users beyond what is required to run our products. We already have a privacy-conscious culture, and GDPR allows us to build on it.

What is GDPR?

GDPR is an EU-wide privacy and data protection law that regulates how firms protect data and give EU citizens more control over their data.

The GDPR applies to all global firms, not just those situated in the EU. Because we value our clients’ data no matter where they are, we have made GDPR compliance a global norm. GDPR took effect on May 25, 2018.

What comprises personal data?

Any data that identifies a person. GDPR encompasses a wide range of data that can be used alone or with other data to identify a person. For example, names and email addresses are not personal data. However, financial data, political viewpoints, genetics, biometrics, IP, physical address, sexual orientation, and ethnicity are examples that define personal data.

How have we prepared ourselves for GDPR?

We have taken several steps to comply with this new GDPR rule.

We've increased awareness internally and instructed personnel on handling data correctly. They now realize the value of data security and the GDPR's strict standards.

We've reviewed all MyClassboard products for GDPR compliance and added additional capabilities to give users more control over their data and make GDPR compliance easier.

We've created an Information Asset Register (IAR) that details MyClassboard's data controller and processor duties. It describes the types of personal data our company collects and uses and which departments have access to which data. It covers all of our processes and procedures.

We evaluated our sub-processors (third-party service providers, partners) and streamlined our contracting procedure with them to verify they met current security and privacy standards.

Our teams have designated internal privacy champions. We also have a DPO (DPO).

Our technology teams have embraced privacy by design and given you more control over your data. These rules can vary depending on the product and its domain. We are continually striving to improve your experience, which will be phased in.

We updated our Data Processing Addendum (based on Model Contractual Clauses) to comply with GDPR. To sign a DPA with us, please email requesting a copy of the Data Processing Addendum.

Then we did DPIAs (DPIA). Based on the findings, we implemented data processing and management procedures.

Product, process, operations and management internal audits Our teams were informed of the findings and worked on remedies.

We upgraded our data security methods and practices after DPIAs and internal audits. This involves encrypting data at rest, depending on its sensitivity and danger. We built internal tools for data governance and discovery.

We regularly update our databases to ensure we have the most up-to-date information. This cleansing involves terminating and deactivating accounts per our TOS.

Notifications of breaches will be made per our internal Privacy Incident Response policy. Customers will be alerted of a breach within 72 hours. We will tell users via our blogs, forums, and social media. For issues affecting a single user or an entire enterprise, we will email the affected parties (using their primary email address).

Our Privacy Policy has been updated to reflect changes in our data inventory, data flows, and processing processes.


Global data protection rules have changed with the EU’s General Data Protection Regulation (GDPR). As much as technology has advanced in recent decades, privacy rules have not. To keep up with the times, European regulators updated the Data Protection Directive in 2016. This law establishes a comprehensive set of rules for processing the personal data of EU citizens.

It affects all organizations that handle the personal data of EU citizens. New requirements for data processors, with clear accountability for data controllers.

This law knows no borders. Therefore, no matter where your company is situated, if you process the personal data of EU citizens, you are subject to EU law.

A GDPR violation can cost up to 4% of annual global turnover, or €20 million (whichever is greater).

User: A person residing in the EU. 

Controller: A regulatory authority determining the goal and method of processing data.