Pencil

Hybrid learning and GDPR: maintaining security and compliance in disruptive times

Vânia Neto

Vânia Neto

Education Skills Lead |Learning & Skills Specialist |Microsoft Western Europe

Read Time, 4 min.

Like most areas of society, over the past six months the education sector has had to face challenges unlike any before.

Students thrive when they have access to personalized learning. As schools have moved quickly to adapt to remote learning, using technology to create new experiences that meet students’ needs has become more important than ever. At the heart of the new learning experience is a strong foundation of security, privacy and compliance, empowering both students and educators to work within a safe and secure environment, and open up new opportunities for innovation.

The education sector has a large, complex landscape to navigate when it comes to security, compliance, and laws like General Data Protection Regulation (GDPR) which brings with it some unique challenges for hybrid teaching and learning. It can be difficult to know where to start. A typical school handles lots of personal data – much of it about minors – and it must therefore adhere to stricter regulations when handling personal information.

To help educational institutions manage this new reality, Microsoft has put together a set of guidelines aimed at assisting with GDPR compliance. They require institutions to update personal privacy policies, implement or strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.

Using the new guidelines

The purpose of the new guidelines is to help educational institutions manage the threats that have arisen out of the disruption this year, while also helping them work toward compliance.

The guidelines expand on the concrete examples and to-do lists from the existing GDPR for Education Kickstart Guide – and they need to be read in conjunction with that document. Both assets are aimed at IT staff with basic knowledge of how to manage Microsoft 365.

The new guidelines aren’t meant to be read from top to bottom, either. Instead, each topic that’s referenced in the GDPR for Education Kickstart Guide has a corresponding section in the new document which includes examples and step-by-step assistance on how to do the actual configuration.

That way, readers get a good configuration baseline to build upon for meeting GDPR compliance.

GDPR applies to institutions that have a physical presence in the European Union, organisations that provide goods and services to EU citizens, or that collect and analyse data tied to EU residents. However, educational institutions anywhere in the world can use these documents as a valuable best practice guide, since GDPR are some of the strictest rules globally.

Four clear steps to compliance

In conjunction with the existing GDPR for Education Kickstart Guide – the new guidelines give clear best practice for how to implement GDPR. The process consists of four key steps:

1. Discover – Identify what personal data you have and where it resides

Personal data is often stored in multiple locations, including emails, documents, databases, removable media, metadata, log files, and backups. The first job is to identify where personal data is collected and stored.

2. Manage – Govern how personal data is used and accessed

The first step in managing personal data is to define why you need to collect it in the first place. Ask yourself how it helps the delivery of education. Consider how it should be gathered, where it will be stored, what entities will support that process, who should access it, and how you will enable changes and deletions.

3. Protect – Establish security controls to prevent, detect and respond to vulnerabilities and data breaches

Security is one of the key attention points in our digitalised world. GDPR requirements include physical protection, network security, storage security, computer security, identity management, access control, encryption and risk mitigation. Look at the way you monitor systems, identify breaches, calculate the impact of any breaches, then respond and recover from them.

4. Report – Keep required documentation, and manage data requests and breach notifications

A key principle of GDPR is accountability. You will need to create clear audit trails on processing, classifications, and third parties with access to personal data, including organisational and technical security measures, as well as data retention times. You may need to conduct Data Protection Impact Assessments (DPIAs). A DPIA requires organisations to identify and analyse the impact of a proposed processing activity on the protection of personal data.

Hybrid learning and GDPR: maintaining security and compliance in disruptive times

Discover all the latest guidance and best practice for educational institutions on maintaining IT security and compliance.

Managing security and compliance while transitioning to the ‘new normal’

Our two on demand webinars provide guidance on the management of Microsoft Teams and how to comply with GDPR

Discover more related articles per industry:

Education

  • a woman using a laptop

    Find out how to deliver enhanced education through ‘blended learning’

    Since the COVID-19 outbreak, our education customers have done amazing things to keep students engaged while learning from home. From eLearning innovations, to lifting the spirits with photo and cooking challenges – teachers and students have shown extraordinary resilience during a difficult time. Schools and universities have witnessed the exceptional value that online learning can […]

  • A group of students in front of a school

    PCOU Willibrord uses smart automation to define the future of education

    “It’s all about teaching and giving time to the educators, so they can give time to the students. If we can make IT simple, that’s my purpose, my thing.” Peter Schep, ICT Manager at PCOU Willibrord Foundation, explains why he believes efficient IT is central to the learning and development of both educators and students. […]

Government

Healthcare

  • NorthWest Clinics building

    Northwest Clinics: A new era in virtual healthcare

    “I am generally quite modest – I don’t like to brag about my achievements too much. But in this case, I want to make an exception. I want to tell the world what we have done.” For Ed de Myttenaere, CIO at Northwest Clinics hospital (Noordwest Ziekenhuisgroep) in the Netherlands, breaking with tradition is becoming increasingly normal. In responding to the COVID-19 outbreak, his team have implemented a virtual consultation solution that has the potential to redefine […]

  • A smiling man wearing glasses looking at the camera

    HUS: sharing data securely to make life-saving decisions

    Illnesses and diseases don’t often play fair – an unfortunate truth that was proved by the COVID-19 outbreak in early 2020, heavily hitting healthcare organizations with challenges the world hadn’t seen in a century. Hospitals needed a rapid response to reduce spreading the virus without affecting patient care. A high-pressure situation for any institution, but […]

Manufacturing

  • Mais on a sunny day

    COFCO International: How cloud technologies ensured business continuity during challenging times

    “I have worked at COFCO for 12 years, always in an office. But I have spent the last 63 days working from home.” Marcus Seelbach, Chief HR Officer at global agribusiness COFCO International, is talking from his home via video call about the transition he and all his colleagues have undergone since COVID-19 led to the closure of the company’s offices worldwide. “But thanks to the preparation and […]

  • Etex

    Etex uses modern tools to unite its business and better focus on customers

    When it comes to construction, all components must come together in a timely manner in order to produce the optimum product. While Etex, a Belgian building solution manufacturing company, helps make this a reality on a day-to-day basis, it wanted to find a way to enhance productivity and collaboration internally. With locations across more than […]

Retail

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

  • GDPR and Retail: Four GDPR requirements and how Microsoft can help

    GDPR and Retail: Four GDPR requirements and how Microsoft can help

    Learn how we can help you meet GDPR requirements with solutions available today: Assessing your current risk profile “How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions from retailers in regard to the GDPR. It’s also one of the hardest to […]

Discover more related articles per dossier:

Customer Stories

  • a woman smiling for the camera

    Etex Group: Future-proofing employees to work anywhere across the world

    When COVID-19 spread across Europe in early 2020, businesses entered a new digitally-dependent age. Social distancing measures had asked offices of all shapes and sizes to close their doors, sparking organizations to quickly find other virtual ways for colleagues to meet and collaborate remotely. But for Belgium building material specialist Etex, this was a step they were ready for – having already implemented a cloud-based infrastructure and collaboration tools […]

Digital Transformation

  • a person preparing food in a kitchen

    Humanitas-DMH: empowering key workers with a secure digital support

    “Our goal is to create an environment where people with mental disabilities can feel safe, secure and happy.” Marcella van Kraaij, Digital Transformation Advisor at Dutch healthcare provider Humanitas-DMH, is discussing her organization’s key objectives – and how the technology her team recently adopted is helping it to achieve them. Every day, the carers and […]

Security & Privacy

  • Iceland runs on Trust

    How the cloud helped a small nation realise big ambitions

    In December 2015, the Icelandic government kicked off a digital infrastructure review. With more than 100 different suppliers managed by over 100 IT managers in each public institution, the brief was clear; to simplify operations and streamline IT for over 20,000 users. The solution: Fast forward two and a half years, and a decision was […]

Tips

  • a woman sitting at a table in front of a laptop

    3 key ways Microsoft Teams enriches higher education teaching and learning

    Whether remotely, in class or hybrid , Microsoft Teams helps to simplify and structure higher education’s day-to-day digital environment – integrating seamlessly with all the solutions you’re already using. “My teaching is now entirely based on Teams. The interaction with students and the teacher is a better level than traditional teaching” – Pasi Vahimaa, Professor, […]