TESTIMONIALS
Explore customer stories and how our products helped solve problems and meet their needs.
Explore customer stories and how our products helped solve problems and meet their needs.
Translation generated by an AI translation service
At itslearning, we take our role as a data processor seriously. Our platform is developed according to the principle of Privacy by Design, meaning privacy is considered from the outset, not as an afterthought. Every new feature, update, and integration is assessed against a fixed privacy and security checklist.
We also conduct thorough impact assessments of all our partners and subcontractors, providing schools with confidence when adopting new features or tools within the platform.
Subcontractors and GDPR: Full control in Europe
Municipalities have reported that some providers’ supply chains can be long and complex, making it challenging to understand which data is processed and by whom. A digital learning tool may have multiple subcontractors, each with their own subcontractors.
Some applications are also provided by overseas companies, making it difficult to determine the extent to which personal data is processed.
All our subcontractors adhere to European GDPR standards, and customer data is always processed within Europe. Data is encrypted, access is tightly controlled, and personal data is minimised wherever possible.
"At itslearning, the principle is simple: neither our own operational environments nor our subcontractors have more access than absolutely necessary. Customer data is protected through encryption, access controls, and data minimisation." – Daniel Manne, Security Officer at itslearning
DPIA and documentation made easier
An average Norwegian municipality typically has 50–200 systems processing high-risk personal data. This often triggers the requirement for a Data Protection Impact Assessment (DPIA).
To simplify this work, itslearning provides an 80% pre-completed DPIA on itslearning, available to all customers. In line with GDPR, we also maintain ongoing documentation (Records of Processing Activities), providing an overview of which data is processed, for what purpose, and on what legal basis. This streamlines municipalities’ handling of access and deletion requests and ensures proper documentation of compliance.
Together, we succeed
Municipalities bear enormous responsibility for protecting the data of students and staff, yet many lack the resources and expertise to manage this task. The Data Protection Officer (DPO) plays a crucial role in ensuring compliance with privacy laws, guiding staff on best practices, and acting as the contact point for both authorities and individuals. However, in small municipalities, this role is often not a dedicated position, but an extra duty assigned to someone who already has a full workload.
As schools rely on a wide range of digital systems, municipalities must dedicate substantial time to assessing DPIAs and processing protocols from each provider. We support our customers with transparency and clear reporting, but we believe the process should be simpler.
"To support the Municipalities, we think that a shared, national database containing 80% pre-completed DPIAs will not only not only simplifies the process but also strengthens privacy and raises the security level across the education sector." – Daniel Manne, Security Officer at itslearning
Ultimately, it’s about giving schools peace of mind so they can use digital tools for their intended purpose: improving learning and development for students, without compromising privacy.