Due to the coronavirus pandemic, digitalization has been accelerat in many places, including schools. The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW) has now published information on the data protection-compliant use of digital systems in North Rhine-Westphalian schools. This guidance for schools is based on the latest amendment to the North Rhine-Westphalia School Act (SchulG NRW) lessons in NRW.
Amendment to the NRW School Act lessons in NRW
- Section 120, Paragraph 5 of the NRW School Act (Student and Parent Data) reads as follows. The school may process personal data of students and parents for the australia business fax list use of . Digital teaching and learning materials. Insofar as this is necessary for the school to fulfill its tasks . This applies accordingly to the use of teaching and learning systems and work and communication platforms, including video conferencing systems (Section 8, Paragraph 2); within this framework, students are obligated to use them .”
- Section 121 (1) of the School Act regulates the same for teachers’ data, “insofar as this is necessary for the fulfillment of tasks in planning and determining teaching needs and conducting lessons […]. This applies accordingly to the use of teaching and learning systems and work and communication platforms, including video conferencing systems (Section 8 (2)); within this framework, teachers are obliged to use them .”
Who is responsible for data protection?
The LDI NRW clearly presents the data protection responsibilities of the individual bodies for digital systems.
Since the digital systems are us by schools to fulfill their educational mandate, each individual school is responsible for the data processing . Carri out in this context. The wms: warehouse management system respective school management is responsible for ensuring appropriate technical and organizational measures so that. Among other things, the deletion provisions can be compli . With (cf. Section 1 (3) Sentence 1 of the Ordinance on the Data of Pupils and Parents Permitted for Processing – VO-DV I, Section 1 (5) of the. Ordinance on the Data of Teachers Permit for Processing – VO-DV II). The school management therefore makes a significant contribution to . Ensuring that the school acts in compliance with data protection regulations.
RW
The above-mention Sections 120 (5) and 121 represent the essential legal basis for data processing. These provisions may be supplement by provisions of the VO-DV I, VO-DV II. The DSG NRW, and the GDPR. However, email data the digital systems are only. Permissible if they can be configur and configur in such a way. That they serve only school .Purposes and the general GDPR requirements are met. In this regard. It can be noted that data protection-compliant . Use can only be assess on a case-by-case basis with regard to the individual system.
Video conferencing tools and messenger services
However, schools are responsible for the email addresses us, the content data data protection information, data protection-friendly default settings (e.g. access with password, deactivat camera/microphone, no attention indicator), transport and content encryption .