Abstract:

Since the introduction of General Data Privacy Regulation, privacy issues have been put under special attention. Although business entities depend on the personal data of their users, the provisions presented by the modified privacy framework are applicable to higher education institutions (HEI) as well. The teaching process itself mostly depends on accessing, collecting, and sharing student's personal information. Furthermore, the processing and analysing the student’s success of studding is crucial in order to improve the quality of study programs and the study process in general, as well.

This paper describes the implementation of the GDPR principle at a higher education institution in the Republic of Croatia. The steps that were needed to ensure the realization of all student rights, as well as the obligations of HEI regarding the securing of privacy throughout the teaching process, are presented. Implementation included the performance of inventory data, the establishment of records of data processing activities and records of privacy breaches.

The procedures outlined can be seen as an example of good practice as HEI can align with the requirements of privacy, whereby all pedagogical standards, the achievement of the learning outcomes of a particular study program, as well as the transparency of the student evaluation process is insured and provided.

Keywords:

GDPR, teaching process, higher education institutions.