What are the GDPR and Spain’s LOPD-GDD?
In previous articles, we have discussed the implications of the Organic Law for minors and the importance of data protection and privacy in schools: key points for parents. Here, we’ll do a quick recap.
The GDPR (General Data Protection Regulation) was created in 2016 to better protect personal information across Europe. Its goal is to ensure that both companies and public bodies process this data securely and responsibly. Additionally, by unifying rules across EU countries, data sharing is facilitated, bureaucracy is reduced, and businesses gain their customers’ trust.
On the other hand, the LOPD-GDD (Organic Law on the Protection of Personal Data and Guarantee of Digital Rights), created in 2018, promotes policies that make citizens’ digital rights effective, encouraging equality among individuals and groups, and ensuring these rights are exercised in the digital sphere.
Fines and Penalties for Non-Compliance
Under the GDPR, fines and sanctions can range from €10,000 (or 2% of annual business turnover) up to €20,000,000 (or 4% of annual business turnover), depending on the severity of the violation.
As for the LOPD-GDD, infractions are categorized as minor, serious, or very serious, with fines of up to €40,000, €300,000, and €20,000,000 respectively.
What data does a school handle?
Even though we know schools manage data, we’re not always aware of how sensitive it can be.
For students, schools hold information such as names, addresses, educational needs, and health data. For families or guardians, schools may collect phone numbers, email addresses, and banking details for payments.
Regarding school staff, there are contracts, payroll records, schedules, phone numbers, addresses, and more. Not to mention audiovisual content—such as photos and videos—from activities, classes, and events used for promoting the school online or on social media.
💡 Each of these data points is protected under the aforementioned regulations and requires responsible handling.
Main legal obligations of schools
For a school to comply with the law, it must:
- Obtain informed consent from adults (students aged 16+, families, or guardians) to collect and use data.
- Register all data processing activities carried out.
- Ensure technical and organizational security measures are in place, such as secure passwords, access controls, backups, encryption, etc.
- Clearly inform students, families, and teachers about privacy policies and their rights (access, limitation, rectification, deletion, objection, and portability).
Common mistakes in schools
A real case reported by INCIBE illustrates one of the common violations schools make. In Spain, a school excluded a 5-year-old child from activities - classes, concerts, and extracurricular events - simply because the parents did not authorize the use of their child’s image. The school argued it lacked the means to manage it differently (due to lack of time or technical capacity), which caused confusion and sadness for the child. However, regulations state that participation in educational activities cannot be conditioned on consent to use images, as the best interest of the child must always prevail. Full case here.
Beyond this case, many schools still commit oversights in ensuring data protection, especially for minors, such as:
- Posting student photos on social media without consent.
- Creating WhatsApp groups with families and teachers where contact details are shared.
- Failing to appoint a Data Protection Officer (DPO) when required.
- Using digital platforms that do not comply with European regulations.
Best practices for compliance
How can you ensure your school complies with GDPR and LOPD-GDD requirements?
Here are some best practices to implement in your school to avoid infractions, sanctions, and, above all, vulnerabilities in data security:
- Appoint a Data Protection Officer (DPO) to ensure compliance with applicable data protection laws.
- Periodically review and update signed consents from students (16+), families or guardians, and teachers.
- Train staff in good digital practices to ensure proper handling and preservation of information.
- Use secure platforms adapted to regulations, such as Kydemy, which works alongside Conversia, Spain’s leading Data Protection agency, to safeguard the information your school manages.
- Be transparent and communicate to families and students how their data is managed and what rights they have regarding its use.
Conclusion
Complying with data protection regulations is not just another formality: it’s about protecting your community and building trust with families. If your school has not yet reviewed its protocols, now is the time. At Kydemy, we help you manage your institution with secure tools adapted to regulations.
👉 Want to learn more about Kydemy? Visit our website or book a 100% free online demo with our team of experts.