Privacy in education, a much-heard topic in recent months. The May 25, 2018, date is getting closer and closer, and through various media, we hear over and over again what is to come from that moment on. Actually a bit strange to only have your privacy in order from that moment on, right?
In education, we work with and for children every day with great love, passion and pleasure. Of this "vulnerable" target group (as the Autoriteit Persoonsgegevens calls them), we as an educational institution want to know and store as much as possible. Everything in the interest of the child and in the context of (educational) development.
In itself, not a wrong attitude to obtain as much information as possible to best serve the child's development and care needs. What practice shows, however, is that the pain points are not in the care files, but mainly in practical matters in relation to the new legislation. Think about the amount of consent forms that parents must sign (for example, for publication of images (on various media), exchange of data for school swimming, sharing data for school soccer tournament and so on).
In addition to the practical issues, especially the administrative obligations (processor agreements, processing register, data incident register, consent declarations, conducting a data impact assessment, appointing a data protection officer) create a considerable pressure on an educational organization. A common cry then is "it's not becoming workable anymore", "long live the workload", "what about additional funding?". It's alive! It is very much alive at the moment, but we must guard against panic soccer.
National organizations like Kennisnet and the PO Council have very good models to limit and greatly reduce this administrative burden. This provides a good guide and some structure in the big forest of "Information Security & Privacy."
Personally, I think the administrative tasks, technical adjustments and appointing an FG are the easiest tasks within the new legislation. This can all be "ticked off" and organized in a planned manner. The most difficult component remains awareness on the shop floor. The teachers who deal daily with the various parents, (external) organizations and stakeholders. It is therefore very important to put most of the time into this in the coming period. Make sure there is a "counter" within your own organization when it comes to privacy and that employees know how to find you. Limit the height of the threshold and don't start telling your colleagues about the dangers of the new privacy legislation. This is counterproductive. Above all, tell them why privacy is important and what measures should be taken. Involve your colleagues in the development and set a clear route.
More information:
Approach IBP Kennisnet
Privacy & Appropriate Education tool
This article can also be found in the Youth & Education file
