open, digital, online, education, distance education

GDPR and education: an approach for e-learning in Greek schools

Open Education - The Journal for Open and Distance Education and Educational Technology
Δημοσιευμένα: Jul 7, 2023
GDPR schools personal data e-learning distance education Sars-CoV2
Aikaterini Daoultzoglou

The General Data Protection Regulation, from now on GDPR, was put into action in May 2018. It sets important guidelines that must be adhered to by any entity collecting personal information about individuals residing in the European Union. Amongst the entities that have to comply with the new Regulation are schools. This paper focuses on primary and secondary education‧ it covers a range of controversial issues and aims to provide an overview of a schools’ obligations and responsibilities vis a vis GDPR. It determines major definitions in terms of school reality, enlightens basic blur points, and stipulates what schools as Data Controllers must do. Moreover, the special case of distance learning amidst the Covid-19 pandemic is thoroughly analyzed. Due to rush transition to e-learning platforms plenty GDPR issues occurred and they are presented in this paper. Finally, a couple of possible, mainly technical, solutions are proposed to the difficulties that might emerge in the effort to build a strong GDPR school environment. The importance of GDPR compliance is apparent and indicated in every chapter.

Λεπτομέρειες άρθρου
  • Ενότητα
  • Άρθρα
Τα δεδομένα λήψης δεν είναι ακόμη διαθέσιμα.
Lupton, D., & Williamson, B. (2017). The datafied child: The dataveillance of children and implications for their rights. new media & society, 19(5), pp. 780-794. doi:10.1177/1461444816686328
Aliyu, A., Maglaras, L., He, Y., Yevseyeva, I., Boiten, E., Cook, A., & Janicke, H. (2020, May 25). A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom. applied sciences. doi:10.3390/app10103660
Amo, D., Torres, R., Canaleta, X., Herrero-Martín, J., Rodríguez Merino, C., & Fonseca, D. (2020, October 20). Seven principles to foster privacy and security in educational tools: Local Educational Data Analytics. TEEM. Salamanca,Spain: Association for Computing Machinery. doi:10.1145/3434780.3436637
Ashton, C. (2018). Retrieved October 11, 2021, from Cyber attacks hit a fifth of schools and colleges:
Bergdahl, N., & Nouri, J. (2020, September 2). Covid 19 and Crisis Prompted Distance Education in Sweden. Technology, Knowledge and Learning, pp. 443-459.
Cranor, S., & Spiekermann , L. (2009). Engineering Privacy IEEE transactions on Software Engineering. 1(35), pp.67-82.
Data Protection Authority. (2019, September 10). Decision n.21/2019. Athens.
Data Protection Authority. (2020, September 7). Opinion 4/2020. Athens.
Data Protection Authority. (2021, November 16). Decision 50/2021. Athens.
Dempsey, J., Sim, G., & Cassidy, B. (2018). Designing for GDPR - Investigating Children's Understanding of Privacy: A Survey Approach. British HCI. Belfast,UK: BCS Learning and Development Ltd.
Department for Education, U. G. (n.d.). Data Protection: a toolkit for schools. Open Beta: Version 1.0. Retrieved from
DPA. (2022, January 16). Data Protection Authority. Retrieved July 14, 2022, from
Duncan, A., & Joyner, D. (2021, June 22-25). With or Without EU: Navigating GDPR Constraints in Human Subjects Research in an Education Environment. L@S'21, Virtual Event. doi:10.1145/3430895.3460984
Duncan, B. (2018). Can EU General Data Protection Regulation Compliance be Achieved When Using Cloud Computing? CLOUD COMPUTING 2018 : The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization.
Europe, E. A. (2018). Handbook on European data protection law. Retrieved from
Evers, W.-M. ,. (2021, April 29 ). Massive school data breach shows we need better privacy policies. Retrieved from
Gray, S. (2020, July 21). Artificial intelligence in schools: Towards a democratic future. London Review of Education, 18(2), pp. 163-177. doi:10.14324/LRE.18.2.02
Hellenic Center for Safer Internet. (2018, May 19). Retrieved from GDPR in Schools:
Hunt, T. (2020, August). “Pwned Passwords”, Have I Been Pwned. Retrieved from
Kasim, N., & Khalid, F. (2016). Choosing the right learning management system (LMS) for the higher education institution context: A systematic review. International Journal of Emerging Technologies in Learning, pp. 55-61. doi:10.3991/ijet.v11i06.5644
Kaspersky, G. (2013). Global Corporate IT Security Risks. Retrieved 2021, from Kaspersky Lab.
Katulić, A. (2019, January 23). The obligations of libraries under the general data protection regulation: challenges, approaches, and possible solutions. Vjesnik bibliotekara Hrvatske 61.
Lievens, E., & Milkaite, I. (n.d.). A children’s rights perspective on privacy and data protection in the digital age. Ghent University, Faculty of Law & Technology. Retrieved from
Lievens, E., & Verdoodt, V. (2018). Looking for needles in a haystack: Key issues affecting children’s rights in the General Data Protection Regulation. Computer Law and Security Review, 34, pp. 269-278. doi:10.1016/j.clsr.2017.09.007
Marković , M., Debeljak, S., & Kadoić , N. (2019, February 27). Preparing Students for the Era of the General Data Protection Regulation (GDPR). TEM Journal, 8(1), pp. 150-156. doi:10.18421/TEM81-21
Mougiakou, E., & Virvou, M. (2017). Based on GDPR privacy in UML: Case of e-learning program. 8th International Conference on Information, Intelligence, Systems & Applications (IISA). Larnaca,Cyprus: IEEE. doi:10.1109/IISA.2017.8316456
Mougiakou, E., Papadimitriou, S., & Virvou, M. (2018). Intelligent Tutoring Systems and Transparency: The Case of Children and Adolescent. 9th International Conference on Information, Intelligence, Systems and Applications (IISA), pp. 1-8. doi:10.1109/IISA.2018.8633652
Mougiakou, E., Papadimitriou, S., & Virvou, M. (2020). Synchronous and Asynchronous Learning Methods under the light of General Data Protection Regulation. 11th International Conference on Information, Intelligence, Systems and Applications, pp. 1-7. doi:10.1109/IISA50023.2020.9284341
Murmann, P., & Fischer-Hubner, S. (2017). Tools for achieving usable ex post transparency: a survey,. Retrieved from IEEE Access
Nevaranta, M., Lempinen, K., & Kaila, E. (2020, October 21). Students' perceptions about data safety and Ethics in learning analytics. 2020 Conference on Technology Ethics, Tethics 2020, 2737, pp. 23-37.
Office, I. C. (n.d.). Lawful basis for processing. ( Retrieved December 12, 2021, from
Osano, N. (2021, May 21). The Eight User Rights Under the GDPR. Retrieved from
Phillips, B. (2021, September). UK further education sector journey to compliance with the general data protection regulation and the data protection act 2018. Computer Law & Security Review, 42. doi:
Politou, E., Alepis, E., & Patsakis, C. (2018, February 16). Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity, pp. 1-20.
Raily, R. (2013). ‘Raw Data’ is an Oxymoron, Dataveillance and countervailance. Gitelman L (ed.), pp. 121-45.
Smith, T., Gibbons, N., & Kuncewicz, S. (2021). Retrieved from GDPR:12 STEPS:
Stamoulou, P. (2018). The DPO’s role and responsibilities under the GDPR framework. Thessaloniki.
Stanojević, D., Cenić, D., & Cenić, S. (2018, July 6). Application of computers in modernization of teaching science. (IJCRSEE) International Journal of Cognitive Research in Science, Engineering and Education, 6(2), pp. 89-104. doi:10.5937/ijcrsee1802089S
Unknown. (2018, June 15 ). Data Protection Toolkit - Personal Data Breaches: are you prepared? Retrieved from
Unknown. (2018, March 19). Retrieved from Article 28 Checklist - Privacy & Security:
Unknown. (2021, January). Retrieved from Cyber Security 101 – A guide for schools:
Vanezi, E., Kapitsaki, G., Kouzapas, D., Philippou, A., & Papadopoulos, G. (2020). DiálogoP - A Language and a Graphical Tool for Formally Defining GDPR Purposes. 14th International Conference on Research Challenges in Information Sciences, RCIS 2020.385, pp. 569-575. Limassol: LNBIP. doi:10.1007/978-3-030-50316-1_40
Vejmelka, L., Katulic, T., Jurić, M., & Lakatoš, M. (2020). Application of the General Data Protection Regulation in Schools: A Qualitative Study with Teachers, Professional Associates and Principals. 43rd International Convention on Information, Communication and Electronic Technology (MIPRO), pp. 1463-1469. doi:10.23919/MIPRO48935.2020.9245209
Zhang-Kennedy, L. (2017, May). Multimedia approaches for improving children’s privacy and security knowledge and persuading behavior change. 84. Ottawa.