On May 25th 2018 the General Data Protection Regulation (GDPR) will come into full swing in the European Union as law, focused on individual privacy and access/use of personal information of European Union citizens. The General Data Protection Regulation (GDPR) is a new set of rules governing the privacy and security of personal data laid down by the European Commission which impacts all European Union’s (EU) organization both commercial and non commercial (non-profit) and foreign companies and organizations which handle European Union citizens personal data. The objective of bringing this regulation into law across the EU is in reaction to significant changes with the digitization of information and the growing power of algorithms used by large corporations in analysing and using personal data for commercial use. The General Data Protection Regulation has been designed to give a greater level of control to EU citizens over how their data is processed and used by companies and organizations.
For European International Schools GDPR is an important regulation that schools are working to become complaint. The GDPR requires European International Schools to ensure that all schoolwide processes, producers, and policies with personal data of staff, faculty, parents and students are complaint with the GDPR regulation.
Local government authorities enforcing the GDPR could potentially give out fines if organization do not comply to the GDPR.
There are three areas that European International Schools have to focus on for the GDPR :Governance ⅓, Data Protection ⅓ and Cyber Security ⅓. Schools need to show that they are working toward compliance in all three areas and ensure that any personal data they process is handled and stored securely. The focus is on mitigating the risk of personal data not being properly safeguarded. The GDPR extends to those organizations, companies, and services which European International Schools use for different services or resources in and outside of school Under the GDPR schools will be responsible to ensure these organization which might be accessing community members personal data are complaint with GDPR.
There is no doubt this new regulation brings about a lot work forEuropean International Schools as they review, and analysis their current status and enhance procedures, process and policies to be compliant with the GDPR.
This summer as many European International Schools realized the importance of this new regulation and in tandem understanding the extensive work needed to be done the International School of Brussels created a GDPR International Schools working group in an effort to share expertise and resource. In this GDPR working group over 45+ European International Schools are currently sharing and collaborating both virtually and in person. There have been two meetings hosted by the International School of Brussels on their campus in Brussels this fall and spring. 45+ European International Schools came together with representatives from school Leadership teams, IT Departments, and Administrators to work to support each other. In tandem the Brussels GDPR International Schools working group has been supported by 9ine consulting https://www.9ine.uk.com/ who are working with quite a few European International schools as consultants/experts on GDPR compliance in a school setting.
It is evident that working towards General Data Protection Regulation (GDPR) is very time consuming workflow, and the process requires whole school communities to consider enhancing or implementing new process, procedures and policies related to personal data used on and off campus. This workflow is requiring schools to look at all the daily process and procedures we often take for granted where personal data is being used, access and shared. One actually does not realize the magnitude of ways we work with school community members personal data in and out of school. This process is bringing this to light for many schools.
Below are good resources to support a further understanding of the GDPR
GDPR International Schools work group (a Google group started by the International School of Brussels)
Official EU Home page of the GDPR: https://www.eugdpr.org/
Preparing for GDPR in schools:
9ine Consulting Blog: http://www.9ine.uk.com/newsblog/topic/gdpr
Introduction to General Data Protection Regulation(GDPR): https://www.youtube.com/watch?v=n5WJOncaHt4
A Summary of EU General Data Protection: https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation
Burgess, Matt. “What Is GDPR? WIRED Explains What You Need to Know.” WIRED, WIRED UK, 6 Feb. 2018, http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018.
Consulting, 9ine. “9ine Consulting | Blog – 9ine Consulting | GDPR.” 9ine, http://www.9ine.uk.com/newsblog/topic/gdpr.
“Home Page of EU GDPR.” EU GDPR Portal, http://www.eugdpr.org/.
“Introduction to General Data Protection Regulation(GDPR).” YouTube, YouTube, 22 Apr. 2017, http://www.youtube.com/watch?v=n5WJOncaHt4.
https://www.5874.co.uk, 5874 Design -. “Preparing for the General Data Protection Regulation (GDPR) – 10 Steps for Schools.” Harrison Clark Rickerbys, http://www.hcrlaw.com/preparing-general-data-protection-regulation-gdpr-10-steps-schools/.