Abstract: The GDPR was enacted to rein in the mighty corporations of the internet. Then, it was unleashed on all organizations, large and small alike. We report the results of a multi-site field study on Italian schools, and the challenges they face in implementing the GDPR while running activities full of sensitive issues without an army of legal and compliance officers. The study sample consisted of one kindergarten, ten primary schools, two junior secondary schools, and two secondary schools. We did not find evidence of the privacy paradox (spotless on paper but careless in the field). In contrast, school staff mostly crumble when by-the-book procedures cannot be implemented with the resources that they actually have. We discuss what happens in the field, from critical privacy incidents with potential impact on pupils' security and safety, to 'formal' privacy incidents for which life is too short to bother, and how a risk-based approach could address them.
External IDs:dblp:conf/sp/CiclosiVM25