Want to make creations as awesome as this one?

e-Privacing Roadmap to Data Protection in e-learning.

More creations to inspire you

Transcript

#1

#2

#3

#4

#5

Data Protection Agreement

between educational organization and the company providing the e-learning platform.

Proper Information

about the operation of the platform and the arising privacy issues through the privacy statement of educational organization’s website.

Roadmap

Processing Activities

recording and explanation of policies and procedures.

Data Protection Officer

and raising awareness about data protection issues through the organization.

Impact Assessment

for data protection and minimisation of risks.

Basic Legal Obligation for the Educational Institute

to Data Protection

When an educational organization chooses an e-learning platform, it is crucial to make a data protection agreement with its vendor in order to guarantee the level of protection of students’ and teachers’ personal data. When the schools use one of the common e-learning platforms, they probably have to accept the terms and conditions of the platform as well as to accept electronically the standard and non – negotiable data protection agreement.

The Educational organization should provide specific information through its websites’ privacy statement to teachers, students, and parents about the processing of their personal data. The privacy statements should consist of specific information about:

  • the usage of the e-learning platforms
  • the contact details of the school’s DPO
  • the way the subjects can exercise their rights
  • the technical and organizational measures taken for the protection of personal data when the students and the teachers use the e-learning platform.

As a best practice, it is strongly recommended that the school keep a record of processing activities and update it with all the necessary information related to the e-learning platforms. In addition, It is recommended to adopt data protection policy and procedures over privacy issues.

The school should appoint a Data Protection Officer, in order to inform the data subjects about the specific aspects of the process of their personal data, in order to answer them when they exercise their rights, in order to raise awareness through the organization, as well as to train the teachers on the field of privacy and protection of personal data.

The educational organization should conduct a Data Protection Impact Assessment in order to identify and minimise the data protection risks of the usage of the e-learning platform. In some EU countries, such as Greece, the Data Protection Impact Assessment relating to the use of e-learning platforms during the COVID-19 era are conducted by the ministry of education.

#1

#2

#3

#4

Rights of Students

Students have certain rights when it comes to the use of e-learning tools.

Informing Students

There is an obligation to inform students about their rights when using e-learning tools.

Roadmap

Requesting Consent

There are some basic requirements for consent compliant with GDPR.

Cybersecurity

Raising awareness over the issues of data protection and cybersecurity

Basic Legal aspects for the usage of digital platforms by Students

to Data Protection

Students have the following rights when they use e-learning tools and platforms:

  • Right of access to their personal data, including information concerning the processing of personal data.
  • Right to rectification of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of the processing.
  • Right to data portability.
  • Right to object to the processing based on the Company’s legitimate interests.
  • Right to withdraw your consent directly and freely.

Additional protection is granted to this type of personal data since children are less aware of the risks and consequences of sharing data and of their rights. Any information addressed specifically to a child should be adapted to be easily accessible, using clear and plain language. For most online services the consent of the parent or guardian is required in order to process a child’s personal data on the grounds of the consent up to a certain age.

The age threshold for obtaining parental consent is established by each EU Member State and can be between 13 and 16 years. Schools, have to make reasonable efforts, taking into consideration available technology, to check that the consent given is truly in line with the law. The abovementioned obligation arises only in the cases that the process of personal data is founded on the legal basis of consent.

Under the coronavirus pandemic influence, the e-learning systems have become a model for implementing the teaching process with no alternative. In such crisis circumstances, e-learning system availability is emphasized, which can be very easily reduced by using DDoS attacks. One critical element, for the detection of such attacks, is the awareness of students and teachers, over data protection and cybersecurity arising issues.

#1

#2

Rights of Teachers

Teachers, as employees, have certain rights in the field of data protection and e-learning.

Teachers’ Obligations

for the protection of students' rights.

Roadmap

Basic Legal aspects for the usage of digital platforms by Teachers

to Data Protection

Teachers, as employees, may have the following rights, in the field of data protection, when they use e-learning tools and platforms:

  • Right of access to their personal data, including information concerning the processing of personal data.
  • Right to rectification of inaccurate or incomplete personal data
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of the processing.
  • Right to data portability.
  • Right to object to the processing based on the Company’s legitimate interests.
  • Right to withdraw your consent directly and freely.

Teachers should be aware of the basic aspects of data protection legislation, as well as the dangers in the field of cybersecurity. Teachers are responsible to raise awareness of students in the field of privacy, on the field of cybersecurity.