GDPR Compliance
DigitalStudy is fully compliant with the General Data Protection Regulation (GDPR) for our customers in the European Union and European Economic Area.
Data Processing Agreements (DPA)
- Standard Contractual Clauses (SCCs) available for data transfers
- Data Processing Agreements tailored for educational institutions
- Article 28 processor obligations fully implemented
Data Subject Rights
- Tools for managing data subject access requests
- Automated data export capabilities
- Right to erasure (deletion) support
- Consent management features
Technical and Organizational Measures
- Data protection by design and default
- Privacy Impact Assessments (PIA) completed
- Records of processing activities maintained
- Breach notification procedures within 72 hours
FERPA Compliance
For US educational institutions, DigitalStudy fully complies with the Family Educational Rights and Privacy Act (FERPA).
FERPA Requirements Met
- Education records protected with access controls
- Directory information management tools
- Parent/student rights to inspect records
- Consent management for disclosure
- Audit trails of all record access
School Official Designation
DigitalStudy acts as a "school official" under FERPA when processing education records on behalf of educational institutions. This means:
- We perform institutional services and functions
- We are under direct control of the educational institution
- We use education records only for authorized purposes
- We do not redisclose records without authorization
COPPA Compliance
DigitalStudy complies with the Children's Online Privacy Protection Act (COPPA) for users under 13 years of age.
Parental Consent
- Tools for obtaining verifiable parental consent
- Parental rights to review child's information
- Parental rights to delete child's information
- Age-gating and verification options
Data Collection Limitations
- Only necessary educational data collected
- No behavioral advertising to children
- Data retention limited to educational purposes
PCI DSS Compliance
For payment processing features, DigitalStudy maintains PCI DSS compliance:
- No storage of full credit card numbers
- Tokenization for payment data
- Integration with PCI-compliant payment processors
- Annual security assessments
State and Regional Compliance
DigitalStudy also supports compliance with various state and regional regulations:
United States
- California (CCPA): California Consumer Privacy Act compliance tools
- New York (EDL): Education Law Section 2-d compliance
- Illinois (SOPPA): Student Online Personal Protection Act support
- Texas: Data privacy requirements for educational technology
International
- UK (UK GDPR): Post-Brexit data protection compliance
- Canada (PIPEDA): Personal Information Protection compliance
- Australia (Privacy Act): Australian Privacy Principles adherence
- Singapore (PDPA): Personal Data Protection Act compliance
Compliance Certifications
DigitalStudy maintains the following certifications and undergoes regular audits:
- SOC 2 Type II: Annual security controls audit
- ISO 27001: Information Security Management certification
- ISO 27018: Cloud privacy protection certification
- CSA STAR: Cloud Security Alliance certification
Compliance Resources
We provide resources to help you maintain compliance:
- Compliance documentation and white papers
- Data Processing Agreement templates
- Subprocessor list and updates
- Audit reports (under NDA)
- Compliance training materials
Contact Our Compliance Team
For compliance-related questions or to request compliance documentation:
- Email: compliance@digitalstudy.org
- Data Protection Officer: dpo@digitalstudy.org