General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), which has been approved by the European Parliament, could have major implications for schools. Below we list what is essential for schools.

1. Your school must comply with European privacy rules from 2018

The new legislation is in line with technological developments and globalisation. Due to the GDPR, personal data of all EU residents will soon be protected in the same way, regardless of whether their data is stored in Europe or – for example – the United States right to be forgotten UK Law.

The law replaces national privacy legislation of EU countries. Dutch schools must also comply with these new rules from 2018. This results in homework for schools that have not yet arranged privacy properly.

2. You will soon have to substantiate the use of student data better

Rules for the use of personal data are becoming stricter. Schools will soon be obliged to better substantiate why they want to collect and process personal data from students and how long they want to keep that data.

The basic principle is 'data minimization': you may not request more data than is strictly necessary. After the use of personal data has ended, citizens have the 'right to be forgotten'. This will make it easier for parents to ask schools to delete data.

3. You need to arrange permission for the use of student data even better

In certain cases, you need permission from students and parents for the use of student data; for example when  using photos . You can no longer rely on that permission. Clear, active action from students and parents is needed, for example a signature. You must also clearly inform students and parents about what they agree to.

You will also have to be able to prove that you have received permission. Schools must start recording permission on time. If you want to use products for which parental permission is required, suppliers will soon also be able to ask for proof of that permission.