On May 25th 2018 the General Data Protection Regulation (GDPR) will come into full swing in the European Union as law, focused on individual privacy and access/use of personal information of European Union citizens.
International schools across the globe will be affected by the new regulations in various ways. Here, John Mikton offers a review of the effects of GDPR on schools, as well as guidance on understanding the regulations in more detail.
Titus Learning are running a webinar on May 9th to advise schools on preparing for the deadline. To sign up, click here.
With 25 years’ experience working in Education Technology and 12 years as a Senior Leadership Team member in International Schools, John is perfectly placed to comment on all things EdTech. John is currently the Head of Education and Media Technology/ Assistant Principal at the International School of Luxembourg. Previously John was the Director of eLearning at the Inter Community School Zurich and the Director of IT at the International School of Prague. John is an Apple Distinguished Educator and Google Education Trainer, Common Sense Digital Citizenship: Certified Educator and trainer at the Principal Training Center and AppsEvents.
The GDPR is a new set of rules governing the privacy and security of personal data laid down by the European Commission which impacts all EU organizations, both commercial and non commercial (non-profit) and foreign companies and organizations which handle European Union citizens’ personal data.
The objective of bringing this regulation into law across the EU is in reaction to significant changes with the digitization of information and the growing power of algorithms used by large corporations in analysing and using personal data for commercial use. The General Data Protection Regulation has been designed to give a greater level of control to EU citizens over how their data is processed and used by companies and organizations.
For European International Schools GDPR is an important regulation that schools are working to become complaint. The GDPR requires European International Schools to ensure that all schoolwide processes, producers, and policies with personal data of staff, faculty, parents and students are complaint with the GDPR regulation.
Local government authorities enforcing the GDPR could potentially give out hefty fines if organizations do not comply fully.
There are three areas that European International Schools have to focus on for the GDPR : Governance, Data Protection and Cyber Security . Schools need to show that they are working toward compliance in all three areas and ensure that any personal data they process is handled and stored securely. The focus is on mitigating the risk of personal data not being properly safeguarded.
The GDPR extends to those organizations, companies, and services which European International Schools use for different services or resources in and outside of school Under the GDPR schools will be responsible to ensure these organizations which might be accessing community members’ personal data are compliant with GDPR.
There is no doubt this new regulation brings about a lot work for European International Schools as they review, and analysis their current status and enhance procedures, process and policies to be compliant with the GDPR.
This summer as many European International Schools realized the importance of this new regulation and in tandem understanding the extensive work needed to be done the International School of Brussels created a GDPR International Schools working group in an effort to share expertise and resource.
In this GDPR working group over 45+ European International Schools are currently sharing and collaborating both virtually and in person. There have been two meetings hosted by the International School of Brussels on their campus in Brussels this fall and spring where over 45 European International Schools came together with representatives from school leadership teams, IT departments, and administrators to work to support each other.
In tandem the Brussels GDPR International Schools working group has been supported by 9ine consulting who are working with quite a few European international schools as consultants/experts on GDPR compliance in a school setting.
It is evident that working towards General Data Protection Regulation (GDPR) is a very time consuming workflow, and the process requires whole school communities to consider enhancing or implementing new processes, procedures and policies related to personal data used on and off campus.
This workflow is requiring schools to look at all the daily process and procedures we often take for granted where personal data is being used, access and shared. One actually does not realize the magnitude of ways we work with school community members’ personal data in and out of school. This process is bringing this to light for many schools.
Below are good resources to support a further understanding of the GDPR
Official EU Home page of the GDPR: https://www.eugdpr.org/
Preparing for GDPR in schools: https://www.gdpr.school/wp-content/uploads/2017/06/Preparing-for-GDPR-in-schools.pdf
9ine Consulting Blog: http://www.9ine.uk.com/newsblog/topic/gdpr
Introduction to General Data Protection Regulation(GDPR): https://www.youtube.com/watch?v=n5WJOncaHt4
A Summary of EU General Data Protection: https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
To speak to a member of the Titus Learning team about the effect GDPR will have on your handling of data, and how to ensure your school is compliant before the deadline in May, contact us here.