Personal Data Processing in a Digital Educational Environment

Abstract

New technologies provide innovative spaces for cooperation and communication between employers and employees, citizens and structures, educators, and learners. Data protection issues have always been key to education providers, but the proliferation of online learning forms and formats poses new and unique challenges in this regard. When introducing a new technology that involves the collection of sensitive data, the General Data Protection Regulation (GDPR) of the European Parliament and the Council of the European Union requires the identification and mitigation of all risks that could lead to the misuse of personal data. The article discusses some critical points regarding the application of GDPR in online learning. The goal of this article is to investigate the vulnerabilities to personal data security during online learning and to identify methods that schools and universities may apply to ensure that personal data are kept private while students utilize online platforms to learn. For the purposes of the research, the published privacy, and data protection policies of all Bulgarian universities as well as papers on how universities could adapt to the new EU General Data Protection Regulation were revised and analysed. Best practices of some foreign universities in this regard were studied as well.