Digital systems and tools

As a school, you work with digital systems. For example, you are obliged to use a pupil monitoring system in which you register personal data of your pupils, among other things. You can also use other digital teaching tools, such as apps. The use of such tools often entails processing personal data as well. This means that you have to comply with the rules from the General Data Protection Regulation (GDPR).

On this page

Pupil monitoring system

In the pupil monitoring system, you, as a school, keep track of the progress and results of pupils, of classes and of the school as a whole. In doing so, you therefore systematically map out the learning achievements and development of your pupils.

You can also include other data in the pupil monitoring system, such as data about absenteeism and health.

Privacy risks associated with digital teaching tools

Processing personal data of your pupils through the pupil monitoring system, apps, digital teaching programmes, e-learning platforms and other digital teaching tools offers attractive opportunities. But it also entails risks.

Unauthorised persons may gain access to sensitive data of your pupils, such as information about the social and emotional development, learning achievements, the citizen service number (Dutch BSN) and the health of your pupils. And that is not how it is meant to be. Because what happens in the classroom should stay in the classroom.

GDPR rules for digital systems

When using a pupil monitoring system, for example, the same rules from the General Data Protection Regulation (GDPR) apply as the rules for the pupil record. When using digital teaching tools, also pay attention to the following points: 
 

  • You need a legal basis for processing personal data of your pupils. Possible legal bases are consent, performance of an agreement, statutory obligation or a legitimate interest.
  • As a controller, you always remain responsible for the personal data that you process. Even if you outsource that processing to a third party, such as the provider of a digital application or app. Moreover, you have to conclude a processing agreement with that provider to ensure that it is you who decides what happens with the data of your pupils.

Do you share the data with a country or an international organisation outside the EU? For example, because the provider of the tool has its main establishment outside the EU and stores the data there? In that case, specific rules apply.

Privacy story

Thanks to Jennifer (36), her daughter starts secondary school with a ‘clean’ file. ‘Why must something from the past continue to haunt us?
 

Moeder en dochter