When proctoring via ProctorExam, the General Data Protection Regulation (GDPR) is taken into account. Because personal data are processed during online proctoring, test takers receive notice before the start of the assessment. This notification explains which personal data are processed and how this is done. Below, we will elaborate on a number of other ways that your privacy is being taken into consideration.
Regarding the privacy of an exam taker, we adhere to two important principles of the GDPR: data minimization and data retention. Data minimization means that the recordings are only used by authorized persons and only for proctoring the assessment. Data retention means that we observe the indicated retention period of the recordings and that this data retention is done safely. In this case, we observe the retention period as prescribed by the data registers, which are adjusted to the status of the recordings and the institution list.
Furthermore, the institutions and ProctorExam enter into a processing agreement. In this agreement, the institution and ProctorExam agree that they will diligently handle processed data. It also includes that the parties will observe all applicable rules and regulations, including, but not limited to, the GDPR.
Also, a so-called Privacy Impact Assessment (PIA) is executed. This is a privacy effect assessment instrument which discloses any privacy risks in a structured and clear way. This PIA is also executed, among other things, before any processing of personal data in view of research, projects, processes, and applications.