top of page
Red Riding Hood



Picture your students going off to school. The each carry a lot of books, "stuff", in their backpacks. They take different routes to school -- some walk, some ride the bus, some take the subway, some are driven by someone. In this "physical" world, students know a lot about safety because the can "see". They know who is safe to talk to -- the bus driver, a neighbor, a storekeeper along the way. They know not to talk to strangers and they know not to let anyone touch them, not to get in a car with anyone and how to cry for help. No one is anonymous. And students don't give away their personal information to strangers

Going onto the internet is a lot like getting to school, except students can no longer "see" anyone, everyone is an unknown, anonymous. Our students still act as if they can "see" but they can't.

That same student going onto the internet is trusting, freely gives their personal information to anyone who asks -- such as every single site. Actually the sites don't ask for the information, they just take it.

Students don't know what happens to their data after it is given. They don't know that there data is sold and given away to others. They don't know that giving away their name can lead to someone/anyone knowing exactly where they live, how old they are, who their parents are, if they have ever been in trouble with the law, if they have a drivers' license. Someone can know everything instantly.

Students don't know that their personal data can be used to "profile" them so others know what their preferences are and what their secrets are. They don't know that profile information can be used to approach them, target them with messages and manipulate them using effective social media techniques.



This is where GDPR comes in.


GDPR stands for the General Data Protection Regulation but it really is just another way of describing data privacy. The intent of GDPR is for all of us -- citizens, schools, governments, businesses -- to take more care with our personal data and to be more respectful of others' data. GDPR recognizes that our "online" persona should be treated with the same care as our "physical" being.

In schools, it is easy to see why this important. Schools have a long history of taking responsibility for the safety of their students very seriously, making sure the facility is safe, making sure that students are supervised, that medical help is readily available, the list goes on and on. GDPR is another way to keep our students safe and fits perfectly with one of the most important school goals --to provide a safe and healthy environment.

Usually we hear that GDPR is complicated, overly complex, too big and difficult to understand, overly intrusive, expensive, difficult to implement, and carries huge monetary penalties. However, that is less true for schools than others. GDPR was put in place to target industry giants such as Google and Facebook. It also focuses on industries that collect, use and possible sell substantial personal data.

For schools, GDPR has created a positive and beneficial opportunity. GDPR gives us the guidance, or roadmap, we need to create an effective data privacy program in our schools. We are like little red riding hood, in the story, and we now have a way to overcome the wolf.


How To Get Started

Imagine that your school is on board with implementing a data privacy program for all the right reasons

  1. Want to keep student safe and healthy

  2. Want to comply with your country's regulations (slightly different everywhere)

  3. Want data privacy to "work", not be a meaningless paper pushing exercise

But . . .

  1. There are limited resources available

  2. Few seem to know much about data privacy

  3. If they do, it is at a very sophisticated, legal or technology level, not at the "what should I do" level

  4. No one seems to know how to get started, in the school, "on the ground"

The best way to tackle a big, complex project like data privacy is to break it down into manageable chunks . . . and most importantly -- make a minimal investment and just get started. There is so much to learn and most can best be learned along the way with experience, not from reading the GDPR regulation or listening to lectures.

"GDPR Goes to School"™ is different, easier, better!


The "GDPR Goes to School"Method

Much of the GDPR complexity has been removed -- you don't have to know the ins and outs of GDPR, or you local law, in order to achieve data privacy.

This means . . .

  1. "Enough" awareness and introduction so you know the context

  2. Template workbook of 15 modules to implement, all at once or in sequence

  3. Go at your own pace for implementing

  4. Very inexpensive compared to other options

  5. Regular online data privacy project coaching

  6. Plain language explanations

  7. Assistance using best practice to write policies and procedures

  8. At the end of the day, will have organized documentation so you know where everything is, including methods to update and maintain your program

  9. Training resources that go beyond the school and reach the entire school community -- Board, faculty, staff, students and parents

Using the "GDPR Goes to School"™ method will make everyone more aware of data privacy and safer online.

Anchor 1
bottom of page