Arbor's Data Protection Policy to comply with GDPR

For an overview of how we protect your data, take a look at our website.

We are fully GDPR compliant

To see our full documentation regarding data protection for all our products, read our GDPR FAQ. This covers all our security features, principles, and processes in a digestible format.

It includes a Data Protection Impact Assessment template (DPIA).

You can also download this separately as an editable Word document by clicking the link at the bottom of this page.

GDPR At Arbor: How We Comply

Our Authorised Sub-processors


Third Party service/vendor Purpose Relationship Entity Country
AWS Amazon Servers/High Availability Supplier UK
Snowflake Warehousing and Analytics Supplier UK
Stripe Payment Processing Supplier UK
Nexmo SMS provider Supplier UK
Microsoft Azure Identity and Artificial Intelligence Services Supplier UK
Swyft Customer Support , customer training and customer onboarding Subcontractor UK
SBS (School Business Services) Customer training and customer onboarding Subcontractor UK
Schools ICT Customer training and customer onboarding Subcontractor UK
Somerset County Council Customer training and customer onboarding Subcontractor UK
Odondo Customer Support Subcontractor UK
Herts for Learning Customer training and customer onboarding Subcontractor UK
Entrust Customer training and customer onboarding Subcontractor UK
North Yorkshire County Council Customer training and customer onboarding Subcontractor UK
Services 4 Schools Customer training and customer onboarding Subcontractor UK




We help you to protect your data

Arbor MIS also has a number of tools to help you keep your school GDPR compliant:

  • Data quality dashboards to help keep personal data accurate
  • User login histories can be viewed by headteachers and system administrators for access control
  • Role-based, granular permissions so that, for instance, an individual who can see a student’s child protection status cannot necessarily view or edit documents relating to that status
  • Two-factor authentication can be enabled for your staff on request, as well as enforced regular password changes (not available for the Parent Portal or Arbor App): Two-factor authentication
  • Subject Access Requests made easy with all information about a data subject (whether staff, student or guardian) possible to download with one button: Downloading Profiles
  • Data Retention Dashboards for personal records highlight records that exceed data retention timelines, so they can be deleted in bulk: Managing data retention for your MIS data


We have a comprehensive Information Security Management System

As an MIS provider, we’re very used to handling sensitive information and are an approved government cloud provider on the DfE Cloud Service Providers list.

Although it is extremely rare, if you are concerned there may have been a data breach, please contact us immediately. We will then conduct a thorough investigation.

Our certifications

We have certifications for:

  • ISO 9001 - Internationally recognised as the gold standard for Quality Management Systems. It helps organisations ensure that their processes comply with rigorous standards for quality assurance and are measurably effective. Certification requires an independent audit to be passed annually.
  • ISO 27001 - International standard for Information Security Management Systems. It contains a large number of controls an organisation must implement, considering everything from how personal information is handled, through to physical security of locations where information is stored or processed. Maintaining certification requires passing an independent audit annually.
  • Cyber Essentials - Cyber Essentials is an effective, Government backed scheme that helps protect organisations, whatever their size, against a whole range of the most common cyber attacks.
  • PCI DSS - As a secure provider of card payments, Arbor is audited annually for compliance with the Payment Card Industry Data Security Standard (PCI DSS). You can read more about this in our PCI Charter.

You can find our certificates by clicking the links below. These certifications mean our security management is audited annually to the highest international standards.


Was this article helpful?
6 out of 12 found this helpful
I'm still stuck!



Article is closed for comments.