My Data Protection World

Simplifying the Relationship Between Schools and EdTech Vendors

8 September 2023

A primary source of confusion and conflict between schools, EdTech suppliers, and other agencies often lies in defining their exact relationships with each other, and the subsequent relationships with the students, staff, and families involved. It should be straightforward – schools as data controllers, and suppliers as data processors. However, issues persist due to the varying circumstances, as pointed out by the ICO Helpline.

Before we proceed, it’s important to agree on specific terms and definitions, consider different perspectives, and then formulate what we believe should be the standard procedure. This article isn’t intended to be a basic GDPR course, or a step-by-step guide, but rather aims to provoke thought and provide pertinent questions for self-assessment, regardless of your role in the process.
Let’s take a quick look at what the GDPR says are the definitions of key terms.

Have you ever wondered what GDPR Compliance means for EdTech Vendors or for Schools?

7 April 2022

I wrote this piece a while ago as a way of pulling together some of the guidance and ideas I have previously shared on X (formerly known as Twitter) and never got round to publishing it. I can’t think why but I have been working on some simpler guidance for EdTech vendors to help them understand their roles when working with and on behalf of schools.

K.I.S.S.

17 December 2020

When I get asked what the single largest issue is with helping schools on their data protection and privacy journeys, I try to stop laughing and explain that you cannot focus on one thing and treat it with a silver bullet. It is never just one thing. Neither is it a bunch of things on their…
Read more