CHALLENGES FOR THE IMPLEMENTATION OF THE GDPR IN HIGHER EDUCATION INSTITUTIONS IN PORTUGAL
Universidade Portucalense Infante D. Henrique (PORTUGAL)
About this paper:
Conference name: 11th International Conference on Education and New Learning Technologies
Dates: 1-3 July, 2019
Location: Palma, Spain
Abstract:
The General Data Protection Regulation that came into force on the 25th May 2018 has been the centre of discussion within the administrations of the Higher Education Institutions, Data Protection Officers and the CNPD (National Committee for Data Protection).
Accountability for the breach of the Regulation and the leakage of private data is one of the biggest issues, as it is, at the moment, virtually impossible to determine what data is to be considered private, either by identifying or making the person identifiable.
Portuguese Higher Education institutions were, and are not prepared for fully meeting the rules set forth by the regulation. This lack of preparation is not due to the lack of legal provisions, as the Regulation directly applies in all Member States of the European Union but rather because the specificities of such an institution are not completely in sync with the letter of the law. The Right to be forgotten, for instance, shall not apply as there is the obligation of keeping records of all students and alumni. The same applies to thesis and dissertations that are to be made public as they are considered a contribution to knowledge and should be accessible for all those who want to deepen their knowledge in the subject in question.
If in the one hand assuring data processing is handled in a proper manner is a simple task to perform, given the mapping and verification of employees profile accesses, the same can’t be said about other aspects of the GDPR, as the understanding of its application to certain Institutional particularities, was not yet reached.
There are basic and fundamental principles that may be breached in case Higher Education Institutions decide to follow the GDPR in its full scope, which will be, in the end, the only way to do it, as the need to comply with EU can't be put aside by any national legal or practical constraint.
So, let’s see… The principle of transparency, for instance, deeply collides with the GDPR. How will grading be transparent and accessible to the general Public if Personal Data can’t be disclosed?
This is where the concept of private data becomes more confusing within the Higher Education Institutions.
We will undertake a deep legal analysis of the regulations, the concepts therein foreseen and try to find a solution for the development of a manual of best practices applicable to all Higher Education Institutions in the Country. Advisory measures issued by CNPD will also be analyzed within the scope and reach of the GDPR.
Issues such as determining which information can and shall be disclosed to the general public, or if the principle of transparency is to be cast aside by the CDPR. Questions such as if students grades and ID numbers are a personal data, as well as the right way to inform the students of their grades will also be clarified, as well as the access to the scientific repository.Keywords:
GDPR, Higher Education, EU Law, Transparency, Best practices.