The General Data Protection Regulation (GDPR) has been a hot topic at institutions since it came into effect on the 25th of May 2018. In short:
- Single set of rules for all EU member states
- Applies to every company dealing with EU citizen data
- Accountability for the principles of data protection
In addition, as an individual (student and/or staff member) you have certain rights (to be forgotten, to be informed, to access, etc.) which give you control over your personal data.
Read everything about the GDPR here.
To help your institution comply with this new regulation, CY2 can assist with a GDPR readiness scan specifically tailored to Campus Solutions or Student Cloud. In this scan, we look at all of the GDPR aspects applicable to Campus Solutions or Student Cloud and the related business processes.
The readiness scan consists, among other things, of the following aspects:
Here we look at the individual parts of the system and the business processes, and at the impact they have on the use of personal data. Think of a certain report, query, data entry page or a business process like enrolling students. All the information is gathered, categorized and scored on importance. With this information we look at the possible solutions inside and outside your application(s). Also note that a PIA has to be done each time you change and/or add an aspect of your application and/or business process.
Here we take a look at the complete security setup, including the accessibility of data. This covers questions like: Who has access to which kind of data? Who is able to maintain security access rights? Is access to pages with personal data limited to only the employees that need access? This connects closely with the privacy impact assessment (PIA). Besides looking at the overall security, we also take a look at the use of audit trails to record data changes (who and when), in light of accountability.
Here we look at the possibilities employees and students have regarding their individual data protection rights. Think of the ability for students to maintain their personal data, restrict processing or even be deleted from the system. Together with the institution we determine a solid solution that connects to the existing setup and business processes.