GDPR is coming, but what does it mean to my school?

  • Awareness
  • 24/05/2018
  • UK Safer Internet Centre

With the imminent introduction of the General Data Protection Regulation, which comes into force across Europe on Friday, 25 May 2018, many are struggling to understand what this means in practice. Here, Will Earp, Digital Experience Manager at the South West Grid for Learning (one of the partner organisations in the UK Safer Internet Centre (SIC)), takes a look at particular considerations for schools.

You may have heard of the General Data Protection Regulation (or GDPR); if you haven't, it is a change in the legislation regarding how personal data can be stored and used and it comes into effect on 25 May 2018. But what does it actually mean? What do we need to change in order to be compliant with this new law?

Global communications has changed significantly in the last 50 years, and with the growth of internet technologies and computing, it was inevitable that data privacy laws would need redoing - especially considering the legislation it replaces in the UK is now 20 years old (Data Protection Act 1998).

Apart from legislative reasons, there are real problems that GDPR aims to solve. It has become clear over the past 10 years that personal data is a valuable commodity (just look at Google and Facebook among other companies), where products and services are free at the point of use, supported by advertising and other processes that use the data collected.

Over the past few years there have also been a string of huge data breaches that have shown companies are hoovering up massive amounts of personal data, which has led to questions such as:

  • What processes do they have in place to keep the data secure?
  • Are they handling the data correctly?
  • Do they have permission to use the data in the ways they are using it?
  • Do they even need to hold the data in order to perform the function we asked them to perform?

GDPR will strengthen and unify data protection for individuals within the EU, and will force all organisations processing personal data about EU citizens to abide by the new regulation.

Read more…
To read the full article, which goes on to discuss issues around personal data, controllers and processors, data collection and processing, data breaches, and rights of the individual in more detail, please visit the SWGfL website.

Find out more about the work of the UK Safer Internet Centre (SIC), including its awareness raising, helpline, hotline and youth participation services.

Related news

Cyber Chronix, a new game from the JRC to better understand the GDPR

Friday, 25 May 2018 marked a turning point in Europe in terms of data protection thanks to the GDPR (General Data Protection Regulation) which came into force precisely one week ago. The GDPR, however, is a very complex set of regulations leaving many a company and professional confused. When it comes to children and youth in particular, it is even more important that they know their rights under the new legislation, in order to be in control of their personal data.

Status quo regarding the child's article 8 GDPR age of consent for data processing across the EU

  • Awareness
  • 20/12/2019
  • Ingrida Milkaite and Eva Lievens, Ghent University
The General Data Protection Regulation (GDPR) entered into force more than a year and a half ago, on 25 May 2018. In December 2019 one Member State of the European Union (EU) – Slovenia – is yet to adopt its final GDPR implementation law. In practice, the fact that Slovenia has not yet passed its GDPR implementation law means that the article 8 GDPR age currently is 16 years instead of the age which is proposed in Slovenian draft legislation (15 years) until the national law is officially adopted.

Digital advertising and marketing under the GDPR: what you need to know

  • Awareness
  • 15/02/2018
  • Greek Safer Internet Centre

The new GDPR is expected to bring a heavily impact how companies will reach out to consumers online, since they will now have to ask for explicit authorization to collect consumer data and use them for advertising purposes. The new regulation also requires companies to allow EU residents to view data collected about them and to update or remove such data from their corporate servers. At the same time, more stringent regulations on how to record network offenders will be addressed to online communication services such as WhatsApp, iMessage and Gmail, as proposed by the EU executive department.

Latest BIK bulletin - Positive online content, GDPR and post-summer roundup

In each edition of the BIK bulletin, we look at a topical issue - our main focus this month is on positive online content as we introduce our new campaign and reflect on the importance of being aware of what constitutes positive content for a wide range of stakeholders.