Privacy rules for schools
As a primary or secondary school, you are obliged, just like other organisations, to comply with the general rules from the General Data Protection Regulation (GDPR).
On this page
A number of rules from the GDPR that are important for schools:
- Pursuant to the GDPR, schools have a duty of accountability. This means, among other things, that schools must be able to demonstrate which technical and organisational measures they have taken to protect the personal data of pupils.
- You draw up a processing register for your school. The processing register contains information about the personal data that you process. You update this register when your processing operations change, or when new processing operations are added.
- Furthermore, an obligation to provide information applies to you. This means that you inform pupils and parents about the processing of personal data to ensure that they know which data you collect about them and what you do with these data. The information must be concise, simple, accessible and understandable, especially for pupils.
You ensure that your pupils (or their parents) can exercise their privacy rights. Such as the right of access.
Tip: The teaching package 'Privacy' of the Dutch Data Protection Authority provides pupils from groups 7 and 8 of primary schools with the tools to make their own decisions about their personal data. Teachers can download the teaching package free of charge