Main Things to Know
Article 22 of the GDPR establishes an individual's right to be informed and be able to object to automated decision making and profiling. Such a process is more commonly used within the admissions department to qualify or disqualify applicants during clearing.
However, there are many practices that could be considered profiling used across the university. For example, marketing and student recruitment often use tools that provide them with the ability to segment, score and target individuals based on specific criteria. In GDPR terms, this type of processing constitutes profiling, and marketers must inform individuals when such practices are in use and have consent to do it. To ensure compliance with this article we strongly advise reading ICO's guidelines on this topic , which can be found on this page. We are also going to outline some basic precautions you can take to ensure compliance below.
What you could do to be compliant:
The ICO offers a checklist of steps to follow in order to ensure compliance, but we have also summarised the most important points below:
You need a lawful basis for carrying out profiling. This can be consent or it can be the fact that this type of processing is necessary for the purposes of the legitimate interests pursued by the University.
You need to inform students about the profiling and automated decision-making that will be carried out, what information is used to create the profiles and where you get this information from.
Any questions? Feel free to start a live chat with a member of our support team or explore the rest of our academy at your leisure.