Schools and kindergartens during their operations, collect and process personal data concerning children, students, and their parents or legal guardians. Such data are requisite for the organization of the educational process, the maintenance of official records, and the provision of appropriate care and safety for the children.
The personal data processed by these institutions typically includes the first and last name, date of birth, residential address, parental data, contact information, as well as certain health-related data.
Given that the subjects are minors, the protection of their data is of paramount importance and must be conducted in accordance with the statutory provisions governing the protection of personal data.
The protection of personal data within kindergartens and schools in the Republic of North Macedonia is regulated by several laws, primarily the Law on Personal Data Protection, which establishes the general principles and rules, and further by specific provisions of the Law on Child Protection and the Law on Primary Education. These acts provide detailed regulations on the methods of collection, processing, storage, and use of the personal data of children, students, parents/legal guardians, and employees.
Notwithstanding the requirement for a high standard of care in the processing and protection of personal data within the educational process, certain risks may arise during the processing stage that could lead to a breach of privacy and confidentiality.
The most common risks include:
- Unauthorized access to personal documentation, i.e., access by people who lack legal authorization or a professional “need-to-know” basis for the use of such data.
- Loss, damage or theft of documentation containing the personal data of children and students.
- Unauthorized access to electronic systems and databases, particularly in instances where adequate technical and organizational measures are absent.
- Inappropriate or unauthorized disclosure of personal data to third parties.
- Publication of photographs or videos of children without the prior express consent of parents or legal guardians, especially via the Internet or social media platforms.
- Insufficient awareness and training of employees regarding the proper handling of personal data.
These risks may result in a violation of the right to privacy and the potential for misuse of personal data, therefore, it is imperative to implement appropriate preventive measures.
To ensure the lawful and secure processing of personal data, schools and kindergartens must apply adequate technical and organizational protection measures.
One of the fundamental measures is the restriction of access to personal documentation, whereby documents are stored in locked cabinets or archives accessible only to authorized personnel.
Furthermore, it is necessary to ensure the adequate protection of electronic systems through the use of user profiles, passwords, and other access control mechanisms for information systems.
Concurrently, it is essential to establish clear protocols for the use and sharing of personal data to prevent unauthorized disclosure to third parties.
Special attention must be devoted to the publication of photographs and videos of children, whereby such materials may be used or published exclusively upon obtaining the prior consent of the parents or legal guardians.
Additionally, a significant measure consists of the continuous education of employees to ensure they are appraised of the rules and obligations pertaining to data protection.
By implementing the aforementioned measures, a higher level of data protection is secured and the risk of misuse is mitigated, which is of particular significance in institutions processing data of children and minors. This ensures a safe and confidential environment wherein the privacy of children and their families is upheld.