I’m not going to go into much detail about the specifics of GDPR, so if you are curious, here are a couple of articles that can provide you with additional information:
The introduction of GDPR regulations meant a lot of time, energy and stress for my school leaders to ensure that the school was compliant on all fronts. This was a huge task that involved reexamining/adapting the data protection procedures already in place, informing and educating all staff on the rules and guidelines, and much more! We have two data protection officers (DPOs) whose job it is to facilitate all of this. Any breaches of the regulations must be reported to the DPOs.
When reflecting on the past year, I have realized that GDPR has had little impact on my day-to-day. These are a few of the things I have noticed:
- Getting access to a new website/app is more time consuming. Our tech team created a list of approved applications and websites, and parents were asked to give permission at the beginning of the year. For any additional app/site that requires a login, parents are required to be informed and asked for permission. (If you want more information on this, Mike Thaler talks about it in his blog post this week.)
- I am now more aware of what I print. Though I do very little printing to begin with, I am now more conscious of what I am printing and where I am printing it. If it contains any student data or information, I make sure to be at the printer before sending it to print.
- Clean desk policy. In the environment I work in, I don’t have a desk per se, but I do make sure that prior to leaving at the end of the day, any documents/papers containing student information are locked away in my trolley.
I recognize that this doesn’t seem like much, but I have recognized that my school already had a lot of measures in place for supporting student privacy. For example, I have always sent emails to parents using Bcc, no photos/videos including student faces should be posted to social media without explicit permission, students should not be posting anything online with any identifiable information.
To share or not to share…
As I have started to increase my digital presence over the past couple of years, protecting student privacy is something I have continued to struggle with. I consider myself lucky to be teaching in an innovative and flexible learning space and collaborative teaching model. While my colleagues and I have been able to share our experiences with this at a few teaching conferences, we have struggled to really be able to share this with the outside world.
This video was created to share our experience in our first year of this model (2016-2017). Permissions were collected for every student, allowing this to be shared externally. So much has changed since then (especially the space!), but we’ve struggled to be able to get it out there for others to see!
The same holds true for the sharing of student work. Throughout the year, our students create an incredible amount of digital content that should be shared with the world; however, we are unable to share a lot of it because of student privacy issues.
So how do we create authentic audiences for our learners in this case? It’s tough. And it’s an ongoing discussion within my team, and the school on the whole. I would love to hear from any other educators in the EU – how has GDPR impacted how you share student learning?