The rules of the EU General Data Protection Regulation (GDPR) have been in place since 2018. From the beginning of the implementation of these regulations, organisations and companies that do business with the EU have had to comply. This even applies to the UK, which officially left the EU at the end of January 2021, meaning that we must continue to follow the regulations in place.
So, what is GDPR? And how does it fit into an educational setting?
What is GDPR?
Before we can look at how these regulations impact education, it’s important to set out what GDPR is. The EU’s GDPR came into effect in May 2018. This law regulates how personal data is retained and protected.
The definition of personal data, according to the GDPR directive, is information that relates to a person such as a name, email address, or photograph. Other details that fall under the banner of personal data include social media, location information, bank details, and medical information, along with a computer IP address.
When GDPR took effect, the spotlight was shone on how this data is transferred and stored. European Union member states have followed this since 2018. However, it also applies to businesses and brands that provide services and goods in the EU.
How is GDPR linked to education?
Businesses must comply with GDPR rules in order to ensure personal data is correctly processed and collected. But it also applies to educational settings such as schools, nurseries, and universities.
Data protection has always been an important part of safeguarding in educational settings. From the pupils and students that attend the school or university to the details of staff, governors, and others who are connected to the educational establishment, the storage of personal data is key to protecting individuals. However, the introduction of GDPR has meant that educational settings must follow the guidelines, as these apply across the board.
This has included things like establishing who the data controller – the person who controls how and why data is processed – and who the data processor – the person who handles the data on behalf of the controller – would be. Many schools have sought legal advice from education lawyers in order to train staff up and keep them compliant.
It’s also meant educational settings have updated the way they process and store personal data. In this case, schools will have had to weigh up why they are storing data, where this information is held, and what security measures are used.
For pupils aged under 18, parents would need to be given a letter outlining the data that’s kept on file at school or nursery about them and their children. For university and other higher education students, they will also need to have been told what personal data of theirs is held on file. This is because, under GDPR, parents and students can – free of charge – request to see what information about them is being kept on file.
Why is GDPR in education important?
There are several reasons why it’s important for schools and other educational environments to follow GDPR protocol.
It enhances parent, student and pupil confidence
If a school is taking proactive steps towards ensuring that it is GDPR compliant, parents and students are likely to feel that their personal data is in safe hands.
Staff are satisfied
It’s not just the pupils and parents that are impacted by how the educational setting follows GDPR guidelines. Teaching and support staff also have their data kept on file, so it’s important that they feel this information is held securely in their place of work.
It preserves reputation
Schools that are known for not following GDPR are likely to get a reputation for not complying with the law. This can be damaging to their reputation and impact on whether pupils will be put forward to attend.
There’s a fine to pay if not
There are penalties for organisations that don’t comply with the GDPR directive. Businesses have already seen fines of up to 4% of their annual global revenue for failing to implement the rules. These fines have been higher for some well-known names – and it’s not just businesses that are at risk of facing a penalty. Schools and educational settings can also face a fine if they don’t comply.
So, if you’re working in an educational setting, it’s worth taking the time to check how GDPR is being implemented and enforced to avoid any consequences.