We are delighted to share that Classter has successfully passed an independent EU GDPR Data Privacy Audit, conducted by INTERCERT Inc., a CISA-certified international audit firm. Between 7 and 10 May 2026, their auditors evaluated the design and implementation of our data protection controls against the General Data Protection Regulation covering everything from how we process personal data and handle individual rights, to how we secure data and respond to incidents.
The result: zero deviations noted across every area reviewed.
The auditor’s formal opinion, signed by lead auditor Rakesh Kumar on 9 June 2026, confirms that Classter’s controls are suitably designed to provide reasonable assurance that all applicable GDPR compliance objectives are achieved.
The controls behind the result
A clean audit doesn’t happen by accident. It reflects deliberate, sustained investment in the policies, systems, and people behind Classter’s data protection programme.
Our production databases are fully encrypted, both in transit and at rest. Access to personal data is restricted on a need-to-know basis, enforced through access control policies and monitored in real time. A vulnerability scanner runs continuously across our infrastructure, with open issues tracked against defined remediation timelines.
Every processing activity is documented in a Record of Processing Activities covering purpose, legal basis, data categories, and retention periods reviewed annually by our Chief Privacy Officer. Privacy by Design means every new feature and system change is assessed for privacy risk before it ships.
Data subject rights are handled through a documented fulfilment process: identity verification, a 30-day response commitment, and a full request log. Third-party suppliers with access to personal data go through periodic vendor risk assessments, backed by Data Processing Agreements. And every Classter employee from day one acknowledges our data protection policies and completes regular privacy training.
No security or privacy incidents were reported during the audit observation period.
What this means for your institution
We are thrilled to share this milestone not just as a reflection of our team’s hard work, but because of what it means for every institution that trusts Classter with their data.
If your school or institution uses Classter, this audit gives you something valuable: independent, third-party confirmation that your students’, staff’s, and families’ data is handled with the rigour and accountability that GDPR demands. Not our word for it a CISA-certified auditor’s.
For your data protection officer or legal team, this is objective evidence you can use when assessing Classter as a data processor. For your leadership, it is assurance that the platform managing your most sensitive records has been formally reviewed and found compliant. And for your institution as a whole, it means one less risk to manage.
Part of a broader commitment
This result does not stand alone. Earlier this year, Classter also achieved ISO 27001 certification the internationally recognised standard for Information Security Management Systems. Together, these two independent validations represent something we have believed since day one: that security and privacy are not features to add later, they are foundational to what a trustworthy education platform must be.