GDPR Compliance

SmarterServices takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers.

GDPR Overview

The European Union’s (EU) General Data Protection Regulation will impact any organization worldwide, including U.S. colleges and universities, that processes data relating to people in Europe.

The new GDPR rules require institutions to take extra steps to protect the personal information of people in the E.U., regardless of whether they are E.U. citizens or permanent residents. So, the requirements also apply to American students or faculty members who communicate with campuses while they are in Europe.

In addition to understanding what data they hold, where data is stored and how they are used, institutions and their vendors will need to be able to accommodate requests to retrieve, correct or erase the data. They must also promptly report any data breaches.

The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

Additional Resources

For more information we recommend these resources:

Official GDPR Portal –

GDPR Overview –

Why Care About GDPR –

What Does the GDPR Mean for Education Privacy in the US?
Ten Ways For Higher Education Institutions to Prepare for GDPR Compliance –

European Rules (and Big Fines) for American Colleges –

Frequently Asked Questions

Q. What is the GDPR Data Protection Exhibit (DPE) in the SmarterServices Master Services Agreement?

A. Client institutions that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors, including SmarterServices, they use to process the EU personal data also have privacy and security protections in place. Our DPE which is provided in our Master Service Agreement outlines the privacy and security protections we have in place. SmarterServices is committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services.

Q. Are clients required to sign the Data Protection Exhibit in the SmarterServices Master Services Agreement?

A. Yes, in order to use our products and services all clients must accept our Data Protection Exhibit.  Institutional clients indicate their consent through their signature on our Master Services Agreement. End users (typically students) agree to our terms of service by utilization of our services.  End users are constantly provided access to the following documents in the footer of our website: cookie policy, GDPR compliance statement, privacy policy, terms of use and accessibility statement.

Accessibility Statement

SmarterServices is committed to ensuring its products are accessible to users with disabilities. The SmarterProctoring application strives for WCAG 2.1 Level A/AA and Section 508 conformance. Regular testing is conducted to identify conformance issues, with processes in place for timely remediation of accessibility issues that are identified.

The VPAT for SmarterProctoring can be found here.