This week the new “General Data Protection Regulation” will come into effect all over the world, not just within the EU, and it will affect many organisations that use any kind of data of a “natural person” (subject). Who uses our data you ask? More entities than you think! What first comes to mind are companies like Amazon (shopping) or Facebook (social media), but really banks, hospitals and schools or universities use sensitive data that people provide about themselves.
Data breaches can happen anywhere
Recently Greenwich University was in the news for having been fined £120,000 by the information commissioner for a serious personal data breach of 19,500 students online. The data included names, addresses, dates of birth, phone numbers and in some cases physical and mental health problems. The main issue causing the information to be leaked was that it was placed on a microsite for training purposes that hadn’t been secured and closed down afterwards.
This example clearly shows how easily sensitive data can be compromised even without the awareness of the organisation. Under the new law financial penalties for data breaches like this can cost organisations up to 4% of annual global turnover or €20 Million, whichever is greater. Greenwich University has paid their fine, but especially in the education sector budgets are often very tight and it would consequently mean that the school or university has to cut spending, which could obviously affect their students and staff. So, data protection comes at a high price in the future and many organisations have invested a lot of money in upgrading their online data protection systems.
We’re all in it
However, Barclays Bank have identified the weakest link in online fraud and identity theft as parents on social media, also known as “sharenting”. The bank points out how parents can reveal sensitive information of their children by posting “their place of birth, mother’s maiden name, schools, the names of pets, sports teams they support and photographs”. Such details could be used to access their credit cards or online accounts even later once their children are adults. And as social media giant Facebook has admitted to sharing their users’ data without their consent for political campaigns, data protection is more important than ever with GDPR hopefully improving and raising standards amongst all organisations, but also private people.
Educational institutions therefore not only hold a responsibility to ensure their own data is safe, but also to educate students, families and professionals about ways of protecting their own as well as others’ information in the online world. Google is already ahead of the game with their online course called Be Internet Awesome, which was developed in collaboration with online safety experts such as the Family Online Safety Institute, the Internet Keep Safe Coalition and ConnectSafely. It focuses on key lessons like “Be Internet Smart: share with care” or “Be Internet Strong: Secure your secrets” to help students navigate the online world safely.
GDPR comes into effect this Friday, but it’ll hopefully have a long-lasting impact on how we all deal with online data in the future, leading to new innovations in this field.
I’m an early years professional having taught in Germany and London over the last 18 years in various settings and schools in state and private education. I have developed an interest in digitalization, writing and blogging.