Pencil

Hybrid learning and GDPR: maintaining security and compliance in disruptive times

Vânia Neto

Vânia Neto

Education Sr. Product Marketing Manager | Microsoft Western Europe

Read Time, 4 min.

Like most areas of society, over the past six months the education sector has had to face challenges unlike any before.

Students thrive when they have access to personalized learning. As schools have moved quickly to adapt to remote learning, using technology to create new experiences that meet students’ needs has become more important than ever. At the heart of the new learning experience is a strong foundation of security, privacy and compliance, empowering both students and educators to work within a safe and secure environment, and open up new opportunities for innovation.

The education sector has a large, complex landscape to navigate when it comes to security, compliance, and laws like General Data Protection Regulation (GDPR) which brings with it some unique challenges for hybrid teaching and learning. It can be difficult to know where to start. A typical school handles lots of personal data – much of it about minors – and it must therefore adhere to stricter regulations when handling personal information.

To help educational institutions manage this new reality, Microsoft has put together a set of guidelines aimed at assisting with GDPR compliance. They require institutions to update personal privacy policies, implement or strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.

Using the new guidelines

The purpose of the new guidelines is to help educational institutions manage the threats that have arisen out of the disruption this year, while also helping them work toward compliance.

The guidelines expand on the concrete examples and to-do lists from the existing GDPR for Education Kickstart Guide – and they need to be read in conjunction with that document. Both assets are aimed at IT staff with basic knowledge of how to manage Microsoft 365.

The new guidelines aren’t meant to be read from top to bottom, either. Instead, each topic that’s referenced in the GDPR for Education Kickstart Guide has a corresponding section in the new document which includes examples and step-by-step assistance on how to do the actual configuration.

That way, readers get a good configuration baseline to build upon for meeting GDPR compliance.

GDPR applies to institutions that have a physical presence in the European Union, organisations that provide goods and services to EU citizens, or that collect and analyse data tied to EU residents. However, educational institutions anywhere in the world can use these documents as a valuable best practice guide, since GDPR are some of the strictest rules globally.

Four clear steps to compliance

In conjunction with the existing GDPR for Education Kickstart Guide – the new guidelines give clear best practice for how to implement GDPR. The process consists of four key steps:

1. Discover – Identify what personal data you have and where it resides

Personal data is often stored in multiple locations, including emails, documents, databases, removable media, metadata, log files, and backups. The first job is to identify where personal data is collected and stored.

2. Manage – Govern how personal data is used and accessed

The first step in managing personal data is to define why you need to collect it in the first place. Ask yourself how it helps the delivery of education. Consider how it should be gathered, where it will be stored, what entities will support that process, who should access it, and how you will enable changes and deletions.

3. Protect – Establish security controls to prevent, detect and respond to vulnerabilities and data breaches

Security is one of the key attention points in our digitalised world. GDPR requirements include physical protection, network security, storage security, computer security, identity management, access control, encryption and risk mitigation. Look at the way you monitor systems, identify breaches, calculate the impact of any breaches, then respond and recover from them.

4. Report – Keep required documentation, and manage data requests and breach notifications

A key principle of GDPR is accountability. You will need to create clear audit trails on processing, classifications, and third parties with access to personal data, including organisational and technical security measures, as well as data retention times. You may need to conduct Data Protection Impact Assessments (DPIAs). A DPIA requires organisations to identify and analyse the impact of a proposed processing activity on the protection of personal data.

Hybrid learning and GDPR: maintaining security and compliance in disruptive times

Discover all the latest guidance and best practice for educational institutions on maintaining IT security and compliance.

Managing security and compliance while transitioning to the ‘new normal’

Our two on demand webinars provide guidance on the management of Microsoft Teams and how to comply with GDPR

Discover more related articles per industry:

Education

  • a person sitting on a chair in a room

    Bridging the education gap in challenging times

    Across the globe, teachers, students and parents are dealing with a new reality: how to adapt to an educational environment that has moved from the classroom to the internet. As in many countries, the remote Faroe Islands, more than 300 kilometres off the coast of Scotland in the North Sea, has found the lives of […]

  • a person sitting in front of a laptop computer

    SSVOZ: Making distance learning a personalized experience

    When this period of remote learning is evaluated – without a doubt, some of the techniques we’ve used will have a more permanent place in the classrooms of the near future. Antoon Fens, IT Coordinator at Stichting Stedelijk Voortgezet Onderwijs Zoetermeer (SSVOZ), explains the critical role technology has played for education in the Netherlands, during […]

Government

  • Ineco

    Ineco improves employee productivity with modern tools and AI

    Struggling with software doesn’t help people get more done. Likewise, if sharing files and collaborating on documents is difficult, productivity takes a hit. Ineco, a Spanish public sector company, understands this, which is why it set out to change the way employees interact with technology and one another. By deploying Microsoft 365 to its over […]

  • Iceland runs on Trust

    How the cloud helped a small nation realise big ambitions

    In December 2015, the Icelandic government kicked off a digital infrastructure review. With more than 100 different suppliers managed by over 100 IT managers in each public institution, the brief was clear; to simplify operations and streamline IT for over 20,000 users. The solution: Fast forward two and a half years, and a decision was […]

Healthcare

  • a woman standing in front of a screen

    Istituto Neurologico Carlo Besta: providing essential patient care from a distance

    “Telehealth was a technology we’d been planning to implement for a couple of years. But then almost overnight everything changed – it became a must-have platform the hospital needed today.” Francesca De Giorgi, CIO of Italian research hospital IRCCS Carlo Besta, reflects on the recent challenges her team faced when social distancing measures imposed by […]

  • logo

    Why trust is the essential ingredient in healthcare digital transformation.

    My phone had scarcely stopped ringing for weeks. Now it was ringing again. “Veronica,” said the voice at the other end, “we have an idea!” Immediately, I recognized who it was. I’ve known Carlo Tacchetti for almost as long as I’ve been at Microsoft. He’s a professor at the Vita-Salute San Raffaele University and the […]

Manufacturing

Retail

  • Picture from the back of a person attending a Teams meeting with 2 colleagues, discussing about a furniture fabric.

    Zuiver: Supporting both business and culture through technology

    “Since moving to the cloud, there are no limitations anymore. And I’m certain without this technology, we would not have seen the growth we have today.” Jaap Landsaat, CFO and Head of IT at Dutch furniture designer Zuiver, is talking about the profound impact technology has had on the business he co-founded more than 20 years ago. “Back then, we had 100 orders a week […]

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

Discover more related articles per dossier:

Customer Stories

  • Two female nurses having a virtual conversation through Microsoft Teams

    Belfast Trust: Reimagining patient care

    “There have been many heroic actions by our staff but we’re not heroes for what we’ve done – I’m just glad we could do our bit to help.” Paul Duffy, Co-Director of IT and Telecommunications at Belfast Trust, is talking about the monumental impact COVID-19 has had on the healthcare sector and how virtual consultations […]

Digital Transformation

  • a person preparing food in a kitchen

    Humanitas-DMH: empowering key workers with a secure digital support

    “Our goal is to create an environment where people with mental disabilities can feel safe, secure and happy.” Marcella van Kraaij, Digital Transformation Advisor at Dutch healthcare provider Humanitas-DMH, is discussing her organization’s key objectives – and how the technology her team recently adopted is helping it to achieve them. Every day, the carers and […]

Security & Privacy

  • Sofie Lindblom sat with Surface device in boardroom

    200 billion reasons why companies must face up to the challenge of cyber security

    200 billion. That’s how many connected devices there will be worldwide by 2021. It’s an incredible number – and one that’s going to have massive implications for the way we live and work. Today, everyone is mobile. We can work from anywhere and share our work and our passions seamlessly from device to device. The office cubicle is a relic; work has never been so fluid. It’s a wonderful thing – but it creates a big challenge. Security. […]

Tips

  • Lady on a Teams call at her computer

    5 reasons why you should start using Microsoft Teams today

    Collaboration and teamwork are the defining characteristic of modern organisations. Since its launch, Microsoft Teams has become the fastest growing app in Microsoft’s history with more than 330,000 companies worldwide using it. If you’re working in one of those companies, then you’re probably finding new ways to use the app on a daily basis. But […]