Regent British Academy: GDPR compliance and safeguarding transformation
How a British-curriculum international school in Nairobi solved its compliance audit gaps
An international inspection revealed systemic compliance gaps.
Regent British Academy operates under a British curriculum with UK-standard safeguarding requirements. In practice, welfare concerns were logged in a physical notebook. There was no digital trail, no case management, no audit readiness.
GDPR compliance was equally fragmented. Parent data was spread across four systems with no ROPA, no consent records, and no ability to respond to a data request quickly.
- Safeguarding concerns in physical notebooks — no audit trail
- No digital case management for investigations
- GDPR compliance not documented — no ROPA
- DSAR requests took 3 weeks manually
- Staff had excessive access to student data
Compliance baked into every process, not bolted on.
The implementation prioritised the safeguarding and data privacy modules. The DSL replaced the notebook with a digital record capturing who knew what, when, and what action was taken. Permissions ensured only authorized staff could view sensitive cases.
Historical paper consent forms were digitised and linked to parent records. The DSAR workflow was configured with the UK statutory 30-day deadline as the default.
"The level of compliance detail in EducaSphere is extraordinary. GDPR, right to erasure, data subject access requests — it was all there before we even asked. We welcome inspections now."
Inspection-ready. Every time.
Six weeks after go-live, the school completed an internal safeguarding audit. Every concern logged had a complete case trail. A sample DSAR was completed in four hours instead of three weeks.