MRISHO 'M' Abeid Omary

CMALT ePORTFOLIO

0.  Home
1.  About me
2.  Contextual Statement
Dropdown arrow
Dropdown arrow
Dropdown arrow
REVISED 6.  Communication and working with others
REVISED 7.  Specialist Area
8.  Future Plans
9.  Confirmation
10.  Glossary
11. Continuous Professional Development (CPD)
12.  Resources

Certified Member of the Association for Learning Technology

Home     The Wider Context     General Data Protection Act (2018)

5b.  General Data Protection Act (2018) Reading time: 4 minutes

Introduction:

As required by law , GDPR ensures that all users of personal information belonging to someone else must uphold the rights to privacy of said person. Being a learning technologist at a HEI with administrator rights to all learning systems, I regularly interact and deal with cases that may require me to have access to a lot of sensitive user data. For instance: assignment submissions, grades and feedback, usernames, contact information, other personal data.

I am required by law to ensure that I exercise a high-level of discretion and use just the data that I need to fulfill my duties. If I was to use additional data that I do not need or disclose it to third-parties without the user's consent, I would be actively breaching GDPR Law. Knowing this means I have to be very deligent and cautious in the way I interact with information belonging to other users.

Actions I take to ensure I do not breach GDPR:

The following are some examples of actions that I take on a day-to-day basis to ensure that I do not breach GDPR Law and keep safe all user information at my disposal.

  • When I respond to emails in which a student is copied, and I am sharing information about other students, I make sure to remove the student from the email chain and send the response. I also specify in the body of the email that I have removed the student and for what reason.
  • If I am away from my desk but still working, for instance during trainings, I make sure NOT to reveal any information on my device by locking it, closing all programs that contain sensitive data or viewing the information alone ensuring no one else near or around me can see it.
  • Whenever I create guidance using exisiting data from any system, I block out any personal or other sensitive information so that other users do not have access to this, especially when they do not need to. I also do the same thing when sharing evidence of practice with external bodies or other persons for validation or support, similar to what I have done throughout this ePortfolio. For instance: ( view)
  • When I create video guidance for students or staff that is to be shared on a public site, I ensure to lock access rights and allow ONLY users of UWL who need that information. An example of this can be seen here: Guidance for Staff and Guidance for Students . E.g: users who are not logged in ( view) VS users who are logged in ( view)
  • Finally, I also remind my colleagues and other users ( view) to always use our recognised learning or content management systems such as OneDrive, Panopto ( view), CampusPress ( view) or others, because these follow GDPR Law guidelines and allow us to control access for users of the information we are sharing.

In additional to what I have described above, under GDPR law, users are legally able to request copies of their personal information that is held by institutions and also request for their information to be deleted, within reasonable grounds. Since I started working as a learning technologist at UWL, I have seen 3 such requests being sent by former students. In the cases where they have requested for copies of their previous submissions or other personal data, I was able to support with this, and in other cases I directed them to their course leaders for support. With 1 of the case where the user requested for their information to be deleted, I had to direct them to UWL's Secretary and Chief Compliance Officer for further support.

Evidence

Blocking all senstive information due to GDPR Law Message informing users to log in to access the recording resource Logged in users have access to the recording resource Site visibility options on CampusPress Recording accessibility options on Panopto set to specific people An email showing I am reminding an instructor to use our learning systems to share content and other learning resources
Resource 17: Evidence for general data protection regulation

Reflection:

Completing this section has made me appreciate the importance of respecting information privacy and the ways of implementing necessary measures to reduce or remove any possibile breaches of people's personal data. I have also realised how well protecting my own data and that of others has influenced my usual work and private practice when sharing information.

To ensure I remain compliant when performing my day-to-day duties and responsibilities, I often review UWL's IT guidelines, GDPR law and our internal online trainings on data protection and quality. These have helped me ensure I take the necessary steps to avoid any possible problems related to breach and/or loss of data. I will continue to practice the guidelines and the law, and remind my colleagues and others to ensure we all remain compliant when sharing data locally or online.

Last updated: Monday, 12th September 2022 By: Mrisho "M" Abeid Omary