Data Protection & GDPR Alignment
As an educational technology platform handling sensitive academic and personal data, Edlum is deeply committed to maintaining the highest global standards for data privacy and security.
1. Primary Compliance Framework (Nigeria)
Edlum’s primary framework for compliance is the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR) 2019. These local laws require high levels of data security, transparency, and accountability for personal data processed within Nigeria.3
Our commitment to NDPA/NDPR principles is demonstrated through:
- Lawful Processing: We only process data necessary for the educational service, based on explicit consent from the school (and, implicitly, from parents/guardians).
- Data Minimization: We collect only the data required to provide the service (e.g., student names, results, progress metrics).
- Secure Storage: All data is stored in a secure cloud-based platform, protected with secure logins and encryption.
- Data Subject Rights: We enable students and parents to easily access and monitor their academic data, supporting their right to information and access.
2. Edlum’s Alignment with GDPR Principles
While Edlum is currently focused on the Nigerian market, we recognize the importance of the General Data Protection Regulation (GDPR) as the gold standard for global data privacy. Our platform is built using the following core GDPR principles to ensure robust protection for all users:
| GDPR Principle | Edlum Implementation |
| Lawfulness, Fairness, & Transparency | Our Privacy Policy clearly details what data is collected and why it is processed (i.e., for result tracking, communication, and progress monitoring). |
| Purpose Limitation | Data is used strictly for educational progress tracking, parent-teacher communication, and performance reporting—it is not used for targeted advertising or unrelated third-party purposes. |
| Data Minimisation | We collect only adequate, relevant, and necessary data. We do not require or process special categories of sensitive personal data (e.g., health, religion) unless explicitly necessary for an optional feature added by the school. |
| Accuracy | The system is designed for Simplified Workflows that allow teachers and schools to easily correct or update student results and data, ensuring the academic record is always accurate. |
| Storage Limitation | Academic records are retained only for the period necessary for the student’s education, creating a Personal Academic Record history that is later governed by the School’s data retention policy. |
| Integrity & Confidentiality | We implement appropriate technical and organisational measures, including secure logins and encrypted storage, to prevent unauthorized access or data loss. |
| Accountability | We maintain documentation of our data processing activities and ensure all third-party vendors (if any) are vetted to meet our high data security standards. |
3. Data Subject Rights (Access and Control)
Edlum is designed to empower all users with control over their academic data:
- Right of Access: Students and Parents can view their results anytime and track their progress through their personal login dashboards.
- Right to Rectification: Schools and teachers can easily correct results and update student information.
- Right to Erasure (“Right to be Forgotten”): While certain academic records must be retained by the school for legal or regulatory reasons, we have processes in place to comply with requests for the secure and permanent deletion of a user’s account data upon final departure from the school, subject to those retention laws.
4. Security Measures
The commitment to compliance is enforced through robust security:
- Secure Cloud-Based Platform: All data is stored safely in a secure and private data storage system.
- Access Control: Access is granted strictly on a need-to-know basis (e.g., a parent only sees their child’s data; a teacher only sees their class data).
- Data Protection by Design: Our development process incorporates security and privacy measures from the outset to ensure default protection for all user data.
For further details on how your data is handled, please refer to our Privacy Policy.
Disclaimer: This document confirms alignment with the principles of major data protection laws. Achieving and maintaining full legal compliance with all international regulations (like GDPR) requires continuous auditing and consultation with legal experts.
