GDPR, data protection and remote learning

Written by: Lynne Taylor | Published:
Image: Adobe Stock

In a world of online learning, data protection has never been more important. Have you got your bases covered? Lynne Taylor advises

In recent months, schools have had to adapt rapidly to the new normal of remote learning. There is no doubt that teachers, parents and pupils alike have demonstrated great resilience and dedication during this period, but distance learning has also brought increasing challenges and dangers.

Online platforms have been instrumental in enabling students to continue learning, but there will unfortunately always be dangerous individuals who are willing to exploit such situations to steal from or harm young and vulnerable people. Data protection has never been more important and in certain cases is the first line of defence in safeguarding.

It is vital that the importance of data protection procedure is recommunicated to teachers during this time, whether they are currently working from school or remotely. This is especially true for teachers who are working from home, as the risks are even higher. With students communicating on a range of unknown and “unmanaged” devices, the dangers escalate.

Using devices securely

It may feel like it goes without saying, but when using any device, schools must ensure school staff are taking great care over what websites they visit. Users should only visit trusted sites, and avoid downloading or opening any attachments from sources they do not recognise.

Teachers should also be aware that they must avoid sharing a device at home, unless there is the appropriate access control to the areas they use for work. This is also true for their family members. While school staff should already have been trained in data protection and therefore should know what is safe to access and what is not, other family members may be less vigilant.

It is essential that all teachers are reminded to check that their devices have the latest security installation updates and that they have appropriate and updated anti-virus and malware. Additionally, there should be a school IT security team available at all times to advise teachers and staff.

Utilising free resources

A wealth of free resources and support have been created in recent months to support schools, teachers and parents to help with remote learning. Many are superb and the authors must be congratulated. If a system can be used which involves no data to be entered, no registration and no file downloads, and is within a secure website which displays “https”, then it should be safe to use.

However, no website should be used which asks teachers or students to enter personal data without thinking it through. The website’s privacy policy must be checked and simple due diligence should be carried out. Somewhere on the website or in the privacy policy will normally be details of who they are and how to contact them. If the information is not there, either this organisation genuinely wants to help but does not have the process in place to keep data safe, or they are not what they seem. In either case do not expose students to the website.

Reporting concerns

This is a stressful time, meaning things can easily be forgotten or side-lined, which is why it is important to remind teachers and staff that if they believe their device or emails have been compromised then this should be immediately reported.

Keeping communications safe

When contacting and receiving messages from students, teachers should be instructed to assume that every student device may be compromised. Of course this is unlikely, but it is imperative to be as cautious as possible in these circumstances. There is a great website you can use to check if your email address has been compromised:


One simple way to help safeguard students and teachers alike, is by ensuring that no personal information is shared through these channels. If personal information is requested from a student, they should be instructed to pass this message on to a member of school staff.

Finally, while video-conferencing has been wonderful, all students and staff should be properly briefed on the fact that they must never turn on their video for a person they do not know. Equally, no one should make a recording unless express consent has been obtained before the recording takes place.

  • Lynne Taylor is the founder and co-CEO of GDPR in Schools (GDPRiS) and founder of ParentPay. Visit

Further information & resources


Please view our Terms and Conditions before leaving a comment.

Change the CAPTCHA codeSpeak the CAPTCHA code
Sign up SecEd Bulletin