ProctorEdu GDPR Policy

Our Commitment to ensure transparency and comply with the General Data Protection Regulation (GDPR).

What should you know about GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world which stands for the data privacy. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, as long as they target or collect data related to people in the EU.

The aim of this page is to help our customers comply with the GDPR and educate test-takers about their rights.

Where Do We Stand

The two main roles described in GDPR are Data Processor and Data Controller.
GDPR defines Data Controllers as an entity that determines the purposes for which and the means by which personal data is processed. The Data Processor processes personal data only on behalf of the Data Controller as per the requirements of the Data Controller.

ProctorEdu acts as a Data Processor

ProctorEdu acts as a data processor and processes data on behalf of its clients/organisations who act as data controllers. The data controllers specify the kind of data required from the data subject (test-taker) and ProctorEdu collects the specified data before or during the assessment and then processing it as per Data Controller's instructions.

We are committed to privacy and data protection

Privacy and data protection are of the utmost importance to us and we take steps to protect personal data in accordance with global data protection laws.

From our website visitors, to professors and test-takers, we aim to provide all of our users with clear explanations about the information we collect, how that information is used, the contexts in which it may be shared, and provide all other disclosures and rights available under applicable privacy laws.

What we do to comply with GDPR

A few of the steps that we undertake to achieve the compliance
  • We monitor GDPR and update data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
    ProctorEdu takes reasonable measures and precautions to protect and secure the personal data that we process. We have robust information security procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.

  • We review all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
  • We meet the 'data minimization' and 'storage limitation' principles. Personal information is stored, archived and destroyed compliantly and ethically.

    We have a Privacy policy and Security policy which provide all individuals whose personal information we process information about why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
    Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements.
  • Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
    Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements or the Data Protection Bill Schedule 1 condition and have high-level encryptions and protections on all such data.
  • We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and disseminated to all employees, making them aware of the reporting lines and steps to follow.
  • We have a designated Data Privacy Officer who monitors compliance with the General Data Protection Regulation, with other European Union or Member State data protection law, and with the policies of ProctorEdu in relation to the protection of personal data.
To learn more



Our Data Proctection team will be happy to answer your questions or receive feedback.
Please let us know if you encounter any issues:

Phone: +1 302 883-888-5

We try to respond to feedback within 5 business days.