ensures that students' fundamental rights are fulfilled and data protection is seamless in school

The European Union and the EEA member states continuously discuss data protection and its importance because of the digital leap and technological developments. In the field of Education, this has recently been one of the most discussed topics – especially when it concerns mostly underage students. Public sector as well as private education providers have the same question in their mind: how should the EU GDPR and national laws be implemented in practice in Education? 

How to implement data protection laws has clarified the laws in cooperation with cities and created a continuous data protection process to enable schools to implement data protection laws. This process is called the Privacy Framework. In accordance with this Framework schools can take care of data protection step by step and guarantee a data protected learning environment for every student.

Briefly stated, the Edudata Privacy Framework consists of five main subdivisions, which are Administrative tasks, Leadership decisions and management, Awareness, Customer satisfaction and external communication, and Impact and Risk Assessments, which includes the most important and time-consuming task in data protection management: Data Protection Impact Assessments (DPIA) for every site and application used.

Seamless data protection 

The tasks mentioned above are the responsibilities of each education provider to organize and implement in schools. These tasks can be complicated, expensive and time-consuming if handled without the right system and processes and the help of legal consultants. Edudata estimates that processing data protection without help can cost on average 70 000 € plus 215 working days in a year. was founded so the school and education provider can manage the data protection process effectively and correctly, as a result of which the students' rights to data protection are fulfilled. ensures that schools can implement every part of the Privacy Framework and that the biggest job, i.e. Data Protection Impact Assessments – can be managed in one place, and that each assessment is done based on the recommendation of a GDPR Legal Advisor. 

Students have the right to data protection in School 

Every student has the right to see every application and site used by the school, where the education provider may possibly store and use the student's personal data. By the law, the student and his/her/their guardian can make a request for information which must be provided by the school within one month of the request. Answering this request and searching for this information from 300 applications can be challenging in such a short time. 

With students have the opportunity to see a list of all applications and sites used from their own easy-to-use application. This allows awareness of data protection and how applications use the students' own personal data. The students can also see if the school has done everything necessary in terms of Data Protection Impact Assessment, and see if the application is safe to use. 

Now with data protection is seamless and handled transparently, and students and their guardians can be sure that their fundamental rights are taken into account in school. In addition schools receive full information on how to implement GDPR and other laws in school, and how can they manage the whole Privacy Framework cost effectively and in a structured way with help of local GDPR Legal Advisors and the power of modern software. 


Angelika Toivanen, Head of Marketing and Communications,