General Data Protection Regulation, or GDPR, is a set of data protection laws offering better security around the collection, storage and usage of personal information from individuals. Your school should have a person appointed that is responsible for handling all personal data of everyone connected with the school, however, you as a teacher have access to and handle a lot of data on your students.
Source: https://freepik.com/
What is the difference between personal and sensitive data?
Personal data is any information that can help identify a person or their family. In school records, this would constitute their name, address, contact details, disciplinary records, as well as student’s marks and progress report. This data remains “personal” even if an individual chooses to publicize it.
Sensitive data include students’ biometric data (photos, videos), religious beliefs (for example students opting out of religion class), health (allergies) or dietary requirements (that might hint at the religion of health). Data in this category may pose a risk to people and can only be processed under special conditions.
What are good practices you can adapt as a teacher?
- Ensure that personal data (particularly sensitive personal data) is never brought off-side unless appropriate steps are taken to protect the data in motion.
If you need to transfer personal data from one place to another – be it physical space or online – make sure it’s protected.
- Don’t sign the school up for any apps or software relating to school business, or require students to engage with apps/software without the prior written approval of the principal.
That doesn’t mean you need permission for every app, platform or website to be used in your classes, however, if students need to create an account to use it, you might need to ask for approval.
- Don’t store data relating to school business or student information on unapproved devices or systems (for example personal smartphones, tablets, cloud storage accounts,…)
- You should understand what constitutes a breach and, if you suspect a breach has occurred, report it to a person responsible for personal data in your school.
A breach happens when people gain unauthorized access to data they should have access to. If that happens, inform the person responsible in your school as soon as you notice a breach might accrued.
This short video covers data protection for teachers who work from home. Working remotely (online or hybrid learning) will pose a different set of problems or challenges than working in the school. It is important to keep them in mind while handling the personal or sensitive data of students.
General Data Protection Regulation is a very important part of every institution as it protects all individuals and their data. It might be a difficult topic to understand at first, however, with guidance and application of common sense it should be easy to follow.