Preparing Students for the Era of the General Data Protection Regulation (GDPR)

One of the main goals of the General Data Protection Regulation (GDPR) is to protect the personal data of individuals. Each organization (company, association, school, institution, university, etc.) has an obligation to protect all of the individual data that it obtains. Those data can belong to employees, members, students, clients, etc. The research in this paper is related to the higher education students in Croatia. This study is being conducted in three parts. The first part was conducted in April of 2017 (N=159) and the second in April/May of 2018 (N=141), in a period before the GDPR became valid (May 25th, 2018). In this paper, we are analysing the results of the second part of the study. Additionally, we are discussing risks that might appear if students do not know the GDPR. Risk matrix results are used to represent a basis which higher education administrations can utilize to make corrective decisions. The main conclusion of the research is that there are still issues with understanding the basic concepts of personal data and the GDPR, which may cause some problems during studying process. The main recommendation for HEIs or students organizations (such as student councils) is to organize lectures and workshops related to the GDPR.