Skip to main content

BIIAB Advice for Centres - General Data Protection Regulation (GDPR)

On the 25th May 2018 the General Data Protection Regulation (GDPR) replaces the current Data Protection Act. GDPR affects the BIIAB and all our centres and learners. Here we will help you to understand how and why BIIAB store data regarding centres and learners.

As a BIIAB centre how do you ensure you are compliant with BIIAB requirements, regulatory requirements and the additional requirements of GDPR?

  • BIIAB centres must ensure that all learners taking a BIIAB assessment or completing a QADAP pack or End Point Assessment know that:
  • The personal data they provide will be shared with BIIAB for the purposes of completing a qualification/apprenticeship/end point assessment or QADAP pack and will be stored thereafter for a minimum of 50 years.
  • If the learner is completing a Licence-Linked Security qualification their data will be passed onto the SIA in accordance with SIA requirements and thereafter processed and stored with the SIA as per their own requirements.
  •  If the learner is registering for a functional skills qualification their data will be passed onto SkillsFirst Awards Ltd and thereafter processed and stored with SkillsFirst as per their own requirements.
  • BIIAB have a regulatory requirement to provide personal data to educational agencies such as the ESFA, Ofqual, Qualifications Wales, DfE, and The Learning Records Service (LRS).  NB please note this list is subject to change and not exhaustive.

How long should you as a centre retain information relating to a learner who has taken a BIIAB qualification for?

Data (portfolios, nominal rolls etc.) should be kept securely as per your own centres GDPR regulations for a minimum of 3 years.

How long will BIIAB retain learner data for?

BIIAB will retain learners’ data for 50 years from the date of certification.

For the purposes of audit and regulatory compliance BIIAB will retain personal data for all learners registered with BIIAB whether or not they complete the registration or are withdrawn at a later date.

How are BIIAB keeping centre and learner data safe?

All data will be processed in accordance with GDPR, along with any regulatory requirements associated with the qualification.

All learner data stored on our two sites Online Registration Certification System (ORCS) and Online Registration Certification and Assessment System (ORCAS) is stored at a dedicated datacentre securely protected by a firewall and data transfers between the sites are via a SSL with regular penetration testing taking place to ensure continued security.  Only approved members of BIIAB staff have access to these systems at Head Office.

How long should you as a centre retain information (CVs, Certificates and CPD records) for staff?

BIIAB centres should retain CVs, Certificates and CPD records for all staff involved in the delivery of BIIAB qualifications whilst they remain at your centre and for 3 years after they leave your centre.

How do BIIAB store centre staff CVs, certificates and CPD records? Who has access to them and how long will we keep them for?

BIIAB will retain CVs certificates and CPD records for the time the staff member is active within the approved centre and for 3 years following their departure from the centre.  Centres are responsible for sending the records to BIIAB and notifying us of staff departures. This data is stored securely on BIIAB servers and only approved members of the BIIAB team have access to this data. This data is only shared with the EQA that is responsible for your centre.

BIIAB are committed to continuing to provide our excellent customer service to all our centres and learners whilst complying with the new GDPR regulations.  We are conducting a comprehensive review of all of our policies, procedures and qualifications to ensure we are fully compliant and we will continue to update you as further changes are made.

Back