Ask students what they consider Personal Data to be?

Student Activity: Think/Pair/Share

Students split into groups of 2, think about the question, and one student from the pair report back (share) with the rest of the class

Then show Slide 3 - Personal data (including name, address, location data, ID number, date of birth, PPS number, phone number, email address, images/videos, online browsing history etc.)

Discuss with class if what they considered personal data was the same as this slide? Did they have other forms of personal data not featured on slide?

Group Discussion:

Ask students who they think have personal data on them?

Then show Slide 4 - Who stores data (school, bank, phone companies, work, doctors, online shopping, Facebook, Google, and many more..)

(Slide 7)

Give students time to look at these principles and ask any questions.

Ask if they had to pick just three as being the minimum they would expect in terms of how organisations should treat their data, what would they be? Why?

Case Study: Jerry Smith booked a holiday of a lifetime round-the-world trip with a local travel agent, but when his travel documents arrived in the post he had been sent all the documents for a Mr G. Smith, including a photocopy of Mr G. Smith’s passport. Jerry telephoned the travel agent immediately to tell them about the mix-up. They apologised and reassured him that his documents were on their way to him. He was therefore shocked when Mr G. Smith telephoned him to say that he had received his travel documents in the post! Should Jerry be worried? Has any harm been done? Should the travel agent be concerned?

Teacher Notes: This case is about: personal information sent to the wrong address; and companies having a responsibility to safeguard our personal information. Jerry was rightly concerned about the whereabouts of his personal information and worried that the travel agent wasn’t taking proper care with their customers’ personal data.

(Slide 14)

Discussion on how GDPR affects everyone and consider what instances might you be responsible for the personal data of another person?

Questions for discussion:

How does GDPR affect you?

(Possible responses here include recognising that your doctor, place of work, school/college, gym, bank, online shopping site, etc. all hold personal data about you.)

Where might you be responsible for the personal data of another person?

We will discuss how some of the students in the class are responsible for this and what steps they can take to ensure they are complying with GDPR.

Scenarios may include:

• An athletics coach who trains young people

• A parent who is Registrar for their local GAA minor board committee

• A business owner who employees people in her restaurant

• A care worker who works part time in a nursing home

Students will be given 20 minutes to compose responses to these questions and will be asked to post their answers on the Google Classroom platform. This can be done outside class time. This allows for sharing and peer learning.