Higher Education can be a difficult sector to operate in, as there are several pieces of legislation and legal issues that can arise if you are not legally compliant, which can affect a large number of people. Within Higher Education, you want to ensure that you are completely compliant with all the legal requirements in place to reduce the chance of anything occurring. But what are some of the main areas which can help Higher Education institutions ensure they are legally compliant?

What is GDPR and why must we be GDPR compliant?

Since May 2018, GDPR has been a vital law which covers the privacy of an individual's data held on record and their permission for it to be used. GDPR replaced the 28 data protection laws that existed in Europe with a single, clear and definitive regulation to make it easier for cross-border activities to be managed within the EU, providing individuals with universal protection.

Each company must comply with this law, let individuals know if any of their files are to be kept on record, and give them the authority to request that the data be removed from file if they wish. This same law applies to Higher Education. It is important that GDPR is followed correctly and that the institution remains legally compliant.

The General Data Protection Regulation is currently up in the air because Britain is due to leave the EU, but the rules still apply if you are studying abroad or operating in Europe. For example, if you have a sister university in France that you work closely with, or you send study supplies to and from another country, you will still be liable to follow EU GDPR rules.

If GDPR rules and restrictions are not adhered to, this would be considered a data breach, and important, confidential information could be leaked, for example a student's home address or bank details saved by the university for accommodation costs.

It's incredibly important that this information isn't released anywhere it shouldn't be and is protected correctly; otherwise lawsuits and other actions could be brought.

Why is it so important to have a Higher Education board? 

The significance of a Higher Education board is to make sure that important data protection laws are not overlooked, and that student and partner data safety is at the forefront of any developments within the HE industry. Noncompliance, even if it is accidental, can result in fines and criminal punishment, and can damage the reputation of the industries involved. Boards will ensure that an industry has enough of the correct resources in place to adhere to guidelines and requirements and to avoid any malpractice.

It's also important for a university to understand its role regarding the data that it manages. Two of the most common roles are Data Controller and Data Processor. A Data Controller determines the use of any personal data and the manner in which it will be processed. A Data Processor then acts on behalf of the Data Controller to process that data in the correct manner.

The Data Controller holds the most responsibility and carries more of the liability for complying with guidelines. For example, in student recruitment a higher education facility would be regarded as a Data Controller, magnifying its responsibility for correct data protection.

Appointing a Data Protection Officer ensures that guidelines are met and not just skimmed over, meaning that there is far less room for any breaches. 

Consumer Market Authority and what this means for Higher Education. 

Consumer Market Authority varies from country to country. What you sign up for or purchase in France might not have the same data tracing and protection guidelines as in the UK.  

This means that if an exchange student is coming over to the UK to study for a period of time, or vice versa, you will need to become familiar with the data protection laws in their home country as well as in the one they will be residing in during their study. The student should be notified of any of their data that is to be held on record, and this data should be protected accordingly.

When the laws are known inside out, data breaches are far less likely, and both parties, UK and otherwise, can ensure that the data is protected at both ends.

Common issues that occur in HE which might need advice/acting upon immediately.  

There are a number of issues which would require immediate action including cyber security, sexual violence and sexual assault, and online learning.  

Online learning is particularly prevalent at the moment, with a lot of students working from home due to the Covid-19 pandemic. Students should be advised to work in an environment where they are the only person in the room, for example their bedroom or halls of residence, to avoid any disturbance from others and to prevent anyone who shouldn't from overhearing data-sensitive information.

Lecturers, student counsellors and other staff in positions of authority should be encouraged to remain vigilant with the data they have access to, and even more so whilst working from home. Computers should be connected via a trusted VPN and all data from meetings should be stored on a secure and safe drive.

The Code’s primary audience is members of HE institution (HEI) governing bodies, and its purpose is to identify the key values and practices on which the effective governance of UK HEIs is based, in order to help deliver institutional mission and success. But achieving good governance within institutions does not rely solely on the adoption of the Code itself. Good governance requires a set of strong relationships based on mutual respect, trust and honesty to be maintained between the governing body, the Clerk to the Board, the Vice Chancellor and the senior management team. By visibly adopting the Code, governing bodies demonstrate leadership and stewardship in relation to the governance of their own institutions, and in doing so help to protect institutional reputation and provide a level of assurance to key stakeholders, partners including the student community, and society more widely. The Code needs to be read alongside the governing instruments of HEIs and relevant legal and regulatory requirements that, so far as possible, are not repeated in the Code itself. As the expectations of governance change, this Code itself will be reviewed regularly to ensure that it remains fit for purpose; normally this will take place every four years, in consultation with the sector. 

Higher education is a highly regulated industry at the state and federal levels, and the demands from lawmakers, regulators, and the public continue to increase. There will always be a basic set of regulations that pertain to employment, finance, safety, and the environment. The complexity of regulations for the industry is having a major effect on the compliance culture. Noncompliance, even when it's unintentional, can lead to fines, lawsuits, and reputational risk. Boards currently play an important role in the compliance culture of an institution because their input will ensure that it has enough resources to fulfil its requirements and expectations for compliance in higher education.