We are committed to keeping your data safe and secure and ensuring that you receive the best possible service from ABRSM.
In the policy we explain what we do with your data and your rights to make sure it is accurate and up to date and accessible by you. Our data protection action plan ensures we are compliant with the UK’s Data Protection Act 2018 and EU General Data Protection Regulations (GDPR). Our staff, country representatives and examiners are trained and expected to adhere to our policies on the safekeeping of personal data. We have contracts in place with third parties with whom we have to share data to provide our services. We maintain state of the art security systems which are externally validated. The ICO’s guidance provides more advice on your rights.
Is it necessary for applicants to have a Data Processing Agreement with ABRSM?
ABRSM is a Data Controller in relation to our exams. ABRSM takes data protection seriously, particularly in relation to children, and as such, our policies and practices are compliant with EU GDPR and UK data protection law. We have been asked frequently whether it is necessary for Applicants to have a Data Processing Agreement with ABRSM. We have received legal advice that ABRSM is a Data Controller in relation to exam entries, not a Data Processor, and that a data processing agreement is not necessary. The basis for this analysis is that ABRSM determines the purpose and means for our processing of the personal data. ABRSM has overall control in determining:
- what personal data is required and collected from pupils in order that they can use our services;
- the purpose and legal basis for which this personal data is processed; and
- with whom that personal data is shared in order that we can provide our services.