GDPR in education: is your university compliant?

Sponsored: In light of GDPR implementation, a white paper by NW Security Group highlights holes in educational institutions' data protection policies

By Nigel Peers, Senior Consultant at NW Security Group.

Did you know that only 22% of schools, colleges and universities believe they are compliant with the General Data Protection Regulation (GDPR)? That’s one of the findings of our latest survey on the subject of GDPR in education, and perhaps explains why cyber security and data protection are the hot topics of the sector right now.

Going forward, all educational facilities are required to achieve and maintain compliance with the GDPR. The new regulation has been developed to improve the rights of data subjects and give them increased knowledge regarding how their Personally Identifiable Information (PII) is used. It has also been created as a response to the proliferation of smart technologies, such as Internet of Things devices, which are generating ever-greater amounts of data that cyber criminals are keen to access.

It was, therefore, of great concern to find that, when made aware of a data breach, 14% of respondents to the survey advised they would completely ignore any issues and hope the problem would resolve itself, with only 63% advising they would inform the relevant stakeholders.

“Although awareness of the new regulation is relatively high, compliance is low with many institutions still putting PII at risk of theft or loss.”

The threat landscape is changing; be in no doubt that educational facilities are at risk. A recent report by Gemalto highlighted that in 2017, breaches in education skyrocketed 103% compared with the previous year. It is therefore more important than ever to protect the PII of staff and students.

The general consensus from our findings is that although awareness of the new regulation is relatively high, compliance is low with many institutions still putting PII at risk of theft or loss. There is much to do to ensure complete compliance; but the Information Commissioner’s Office has reassured industries that it won’t clamp down on every facility that isn’t compliant, as long as they are working to put the correct data protection measures in place.

Our latest White Paper details how the education sector is getting to grips with the GDPR and offers best-practice advice to help you work towards compliance. Download the White Paper at https://www.nwsystemsgroup.com/gdpr-education-compliant