General Data Protection Regulation (GDPR) legislation has direct implications for the delivery of educational activities. 

It is important to consider data security when gathering, storing or transmitting special categories data, such as student, staff or patient information. 

Some specific examples you may come across are: 

• When delivering Virtual Clinics. You will need to consider the security of both platforms, devices and processes, from obtaining patient consent, to choosing an appropriate system to record and stream the content, to considering how long the data will be held and when it will be deleted. 

• When sourcing images which are already in public domain for teaching purposes or when including unpublished data in your tutorial. 

• When considering or proposing a new teaching or assessment system or application, such as medical simulation software or a clinical sign-off app.  

FEO Secretariat oversee the GDPR compliance and have a wealth of documentation and guidelines.

The Secretariat team have also developed a comprehensive Virtual Clinical Teaching site to help you navigate the process.

FEO Data Governance Manager, Tom Yates will advise whether a Data Protection Impact Assessment (DPIA) needs to be carried out when in order to analyse, identify and minimise the data protection risks.

More general information can be found on the JISC site.