European Universities Boost Data Protections in Light of New Regulation
In May 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. As a result, higher education institutions in the E.U. will have to meet new standards for data collection, storage and use. For universities, it’s a matter of preserving their digital sovereignty. EducPros unpacks the technical and political implications of this important event.
Beginning on May 25, 2018, the abundant data produced by European universities will be subject to the E.U.'s General Data Protection Regulation (GDPR). According to Olivier Kempf, cyber strategy researcher at the French Institute for International and Strategic Affairs, "In a few years, I.T. systems will be processing a billion times more data." He sees the GDPR as a way to protect individual freedoms.
The Ethics of EdTech 16.12.2016
Now universities must decide whether or not to outsource their data hosting. For Marie-Ange Rito, digital director at the University of Burgundy (UB), on-campus data centers "promote digital independence." Others have opted for outsourcing. Instead of renovating one of its data centers for €500 thousand in 2016, Rennes 2 University partnered with another university. Their joint center costs Rennes 2 €40 thousand a year.
Many universities have turned to the cloud for hosting. For Kempf, "The question is not if we will use the cloud but when." Universities' data processing volume is increasing by over one-third every year. Digital specialist Thomas de Gueltzl notes, "If all of the data is processed and stored in a country whose protection standards meet GDPR requirements, the service can be considered. However, you have to keep an eye on data that contains a lot of sensitive information. Schools must ensure that the processing standards are respected by the service provider in strict accordance with information security and access requirements."
Wherever data is hosted, the same rules apply. Per the French data protection authority CNIL, an employer is "responsible for the security of the company's personal data, including data stored in terminals that it does not physically or legally control but which it has authorized to access the company's computing resources." Rito suggests a radical solution: "Stop using management applications on personal devices" in favor of pre-protected shared devices. Awareness is the next step. When it comes to the future of French universities, smart data protection and usage are clearly key.