Imagine this: You’re outside the Dean of Admission’s office at your dream college, waiting for your interview. Your heart is beating out of your chest and you’re trying to control your shaky hands. The Dean invites you in, you sit down, take a deep breath and start to say something, when she opens her computer to display a rather embarrassing picture that you sent to a friend–a picture you thought was private.
This may sound like a crazy situation, but unfortunately, it’s an all-too-common reality.
The threat of personal data leaks is real; and whether we like it or not, the European Union has created a series of laws (General Data Protection Regulation, or GDPR) meant to protect us. Below, we try our best to break it down to better understand the laws and how they affect us.
What is GDPR?
According to EUGDPR.org, “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world.” The site states that this “is the most important change in data privacy regulation in 20 years.”
Basically, over time, our presence on the internet has really started shaping into an identity that goes further than just our phone numbers, addresses and pictures, and has morphed into more of a representation of who we are as individuals. It consists of our experiences, opinions, and of course, personal data. ITGovernance.edu states that, without GDPR laws in place, our names, identification numbers, location data, and online identifiers including physical, physiological, genetic, mental, economic, cultural or social identities could be shared with data collection companies.
To better understand this, read Medhi’s article about why you need to know more about internet surveillance.
So, how does this affect you?
Here’s a more visual way of understanding your new rights under GDPR. Click to read more carefully.
What’s the school doing about GDPR?
The short answer: a lot. In fact, AISB sent employee Laura Amza for extensive GDPR training, complete with a data protection exam. She now has the title, “Data Protection Officer,” and along with a leadership and communications team, has put regulations and processes in place to ensure the following:
- All of the data your parents share with the school during the application process is being kept in a secure place. If the school needs to access your personal data, they need parental consent first as per Article 8 of the GDPR .
- Everything that AISB shares online must be secure and GDPR-compliant. The school does this by:
- Manually going over all of the pictures being shared online and making sure that the school has consent from the parents of each child in the photos.
- Working with legal counsel to create new policies and systems to comply with this regulation.
Amza says that this is a work in process, and that “while implementing GDPR at AISB has been a very costly and time consuming process, the actual implementation brought improvements in data management and enhanced the school’s cyber-security.”
What can we expect moving forward?
This has been a big change and has happened very quickly. AISB Manager of Admissions and External Relations, Catalina Gardescu, says that, “Our parents, teachers and students feel much more controlled, and unfortunately there is no way around it because anything that comes out from the school. [An email, a Tweet, a Facebook post] has to be GDPR complaint or else the school is liable.”
Gardescu and Amza say that this will take time, but they understand the frustrations. But it’s important to understand that this is as much of a hassle for the school as it is for parents and teachers.
While this is just a brief overview of GDPR, hopefully at least now you understand a little about what it is and why it was put in place earlier this year. If you want to find out more about GDPR at our school, feel free to look over the new Privacy Agreement, contact our Data Protection Officer, Laura Amza or even just leave a comment on this article.