 Okay, so thank you very much for that introduction, Martin, and forgive me, free reign on the microphone, although I'm not sure whether that's a good thing, giving an Irish man free stage to start talking, he could be here for a while. So my name is Mark Lynn and I work for Dublin City University and if I had responded to Martin's queries on time, we probably would have had a bigger audience here because I didn't give enough information to promote the session, so my apologies for that one, but the session will be recorded and no problem with anybody sharing it with you and if interested I can answer any follow-up questions afterwards if you have that interest there. Just in terms of what we're doing and what elements we're going to be chatting about, I've broken down the talk into an introduction to ourselves, to myself and to our organisation and then just a little bit about GDPR because I'm sure you're all overjoyed by the culture that is coming up but also boards to tears with the introductions to GDPR, so I'll always true that as quick as possible but what I want to do is focus on them with specific reference to teaching awareness, specific reference to GDPR in the classroom. I'm not here to chat about the data you collect in your research, I'm not here to talk about the data that your institution may collect on you or anybody else, just teaching awareness is what we'll focus on. I've labelled a section on GDPR myths and this is basically responses that I've got from staff when I've mentioned GDPR or when I've explained GDPR to them and I've came up with four, the four the most popular ones and what I'd like to do as well is ask you to contribute to those when the time comes within the discussion section, within the webinar, within Blackboard Collaboration and then I want to finish off really by giving some classroom examples and saying what we currently do and what we will no longer be doing and indeed what we currently do and we're still able to do with GDPR when it comes in on May 25th. Okay, so that's what we're going to cover and let's kick into it now. So DCU, Double City University, just by the numbers, we've over 17,000 students, I believe actually close to 18,000 students. We've over one and a half thousand staff when you start including impact on distance academics, that's an awful lot of staff added on top of that. We are still cast as what's considered a young university, we're established in 1989. We were the closest UK equivalent to it beforehand. We were like a polytechnic, we're in super higher education from 1981 to 1989. Not quite a direct comparison, but the closest to it. And we were, I was saying that Vertico was upgraded to a university in 1989. We are spread across three academic campuses and we have five faculties and 28 schools. I'm very aware that within your institution you may have schools and departments or you may have departments and faculties or whatever. It's the same thing just different labels. So five faculties and 28 schools. Because we're spread over three academic campuses, it makes my job a little bit harder and we have to do everything in triplicate both hopefully the same message is spread across the 28 schools. Each one of those schools run their own programs and they don't typically tend to have learning technologists or learning design people within it. They're typically made up of administration staff and academics and the learning design and learning technologies don't central. Okay, excuse me just taking a glass of water there. We have a couple of networks that were involved in and a couple of what I refer to as badges. That we quite proudly stick out on our chest. Obviously the university rankings were the top 50 under 50. We are very much a believer of the 18 a swan initiatives which I think it's five of our four of our five faculties. The deans are female and when you go down into 28 schools, it's a strong mix of females as well. And we're involved in two key networks, European networks. The European consortium of innovative universities and the young European research universities. And I will mention them specifically later on as it relates to some of the research that we're doing related to teaching and learning. I head up the teaching enhancement genus. So our goal, I'm not going to read through it there. Mission essentially and it's there in front of you, but we are responsible for five different elements. So developing staff, helping with curriculum design and issuing out teaching and learning awards. We actually have our main teaching learning boards on tomorrow, but we also issue out small bursaries to support staff. And we foster and support scholarship teaching and learning by encouraging staff to to write articles by co-writing with with staff and indeed by by mentoring their their own applications or indeed publications that submissions are pulling in. But the very last one is loop. Loop is the family of learning technologies that we use. And it's particularly relevant today because all the data is in there. So what is what is in loop loop is Moodle is our learning management system. Our virtual learning, our virtual webinar rooms is managed by Adobe Connect. We have our plagiarism text matching services. Well, at first call it our text matching services by Orkin. We recently moved from turn it in. And we also have our video capture system is Unicam. And I say video capture as opposed to lecture capture. And again, we'll get on to that later on. And then we also have Google Drive and everything that goes with the Google Drive suite. So that's where the data comes into it from from from my point of view from my unit's responsibilities. Just for those of you that may not be aware, there's this thing called GDPR. It is coming out on May 25. Again, I don't particularly tend to need slides word for word within there for you to go through. And actually, as Martin said before, the instruction, a copy of all these slides will be available for you to cook, paste, plagiarize, harvest, whatever term that you feel comfortable with. I've no problem in using this if there are any benefits to you whatsoever. So that's what GDPR is. But as I said at the start, what I want to do is focus on the teaching and learning data. So focus on the assessment data, focus on the VLE data, focus on the lecture capture data and get your views as well. I'm not here claiming to be the oracle of knowledge here on learning as much as you are. What I'm doing here is really just giving our own account of what's happened in our own institution. But the focus very much for me is on the teaching and learning side. We have great data protection people here. Martin and his colleague know, not for one second what I want to take their job. But it would kill me by anything else. But it is, to me, the focus is on teaching and learning for today's session. In terms of the who am I, I am a multitasking. I'm the fellow on the left-hand side of the screen there wearing more hats than the bono. But what I am not is I'm not a solicitor. I'm not a lawyer. I'm not a judge. I'm not a legal person of any stretch of imagination whatsoever. So in recording, you have it now. Here's what I'm saying is my experience and thought it is not legal advice. And please don't take it as so. Okay. And you'll hear me repeat that on several occasions throughout the session. So in our institution, and I've no doubt it's the same as your own. In our institution, we get our students to register every single year. And they may just be rolling over from first year to second year, second to third and so on. But we get them to re-register every year and register the first time when they come into us from secondary school or wherever avenue they've joined the university. But what we now have to be more conscious of, and I'm not saying that we weren't conscious beforehand. I'm not saying that these rules didn't exist beforehand. Because they did through our UK and Irish and international data protection regulations before May 25th. But what we're very conscious of now, before our student sign on the dotted line, we're very conscious of security of the data, privacy of the data and releasing the data and then limiting the collection of the data. And I'll go through each one of them in their own right. But the security of the data literally comes down to make sure we don't let the wrong people see the data. We don't let the data be leaked out about it. And it's something we might have been blasé in the past, or we might have realised that we shouldn't be sharing with certain people. And that's something else that we need to get to. And that also follows on to the privacy of the data. So who sees what assessment Marxist students got? So Vicki, Sue and Al, they're all in the same class. Is it okay for Vicki to see Sue's grades or Al to see Vicki's grades? And we go into that. And then there's the deleting of the data. Part of the new legislation is this whole thing about the right to be forgotten. But can you delete a student's assessment data? Should you delete a student's assessment data? And then there's the delimiting of the collection of data. And I'll give you a real example of that. We asked our students to tell us how long they're spending on particular assignments. And we got an array of responses where like 40% of them said they spent less than one day on an assignment. On the same survey, 30% of the students, and referring to the same assessment, 30% of the students said they spent more than three weeks on the data. But we limited the collection on purpose. We told them it was an anonymous survey and it was just their views we were looking for. But after reading that data and interpreting it, I'd be asking, oh, God, I would have loved if I had had the student name so I could have actually came back into their profile to figure out what grades they got in the assignment afterwards. But because we limited the collection on purpose and we had full transparency with the student and took the route of anonymous things, we couldn't just collect data just for the sake of it in the hope that we might use it again. So what's new? And for me, this is, I got this quote from a colleague, some more analogies around to me, is our accountability, is the fines, is the money, right, associated with it? The legislation was there before, has been there before, and nothing major has changed. There are slight important changes, but the biggest one is our accountability and the money up to 20%, oh, sorry, up to 4% of our GDP of our turnover is what we could be fined. And up to 20 million, I think, was one of the latest figures, I think, back around. And for organisations like our own and like so many other people here that are in the audience where we're having cutbacks left, right and centre, we can't afford to be hit with these fines. We will be hit by them if we breach them, but we can't afford to be. So we must do our utmost to make sure that we take action to avoid it. Okay, so, and this is a bit, and I have another, just one more slide after this, which is very wordy, and then we'll get it in straight into the midst. And please, if you do have any questions or comments or anything along those lines, please feel free to text them in or interrupt at any particular stage. Or if you feel more comfortable to leave them to the end, I've no problem with that either. So here are the principles of GDPR. Again, I won't read through each of them in turn, but I do want to concentrate on the top one. Because concentrating on the teaching and learning side, I want to concentrate on being, are we being fair? Are we being transparent in what we're doing and the data that we're processing? Are we doing it lawfully? So I wanted to hone in on that, particularly the last one, the lawful processing, because this is where people make no mistake in my opinion. Again, very wordy slide, but because I'm not a lawyer, because I'm not of the legal background, I've literally cut and pasted it so I didn't make any personal interpretation and therefore a mistake in presenting this data to you. But like the last list, you can read through it at your leisure there. I'll leave it up for a while. But I want to concentrate on the top two, the consent and the performance of a contract. So I'm just going to give you a second to read through that slide, and then I'm going to come back to the top two. Okay, being academics, sorry, being academics, we have probably learned the art of speed reading, so I won't leave the blank space for too long. But I do want to come back to the top two, as I said. Consent and performance of a contract, right? You are not going to get consent for everything that you do from students just from a practical point of view. We have, as I say, just over 17,000 students, and one student turns around and says, well, no, I don't want you to use my data and give it to Terminine or to give it to Orca. But if that's part of the service that we provide and it's part of the requirement of the college, well then consent doesn't even come into it. It is performance of a contract. If a student said, well, I don't want my data being shared with our institutional researcher to report metrics back to the higher education authority, a student has no choice. That is performance of a contract. Somebody might turn around and say, well, I want to profile the students within our institution. That's not part of the contract. That's something we need to have consent. And the difference with consent is come May 26th, if we're just to avoid any confusion, come May 26th, the day after the legislation kicks into offense, is consent has to be explicit. They have to opt in rather than opt out. So in the past, you used to be able to say, if you disagree with a tick this box, but you can, you assumed consent in that case, you can no longer do that anymore. So for me, as educational institutions and teaching and learning issues, we need to push more towards the data that we collect under the performance of a contract rather than under the heading of consent. So I will just get to your questions until it's just in a second. But as much as we can do to push it on the performance of a contract, it's just a tighter piece. It's a more secure element for when it comes to lawful processing of it. Now, there are bits that we won't be able to push in. And that's where consent is required. I mentioned profiling as one of them both and sending additional data or additional information to them. But if it's required as part of the contract, well, then it's something that just gives us more of a solid standing. And that's not just because I'm concentrating on consent and performance. That's not saying that the others are equally valid, the legal obligation, the protection of the public interest, legitimate interest. And you might, in the case of learning analytics, be able to push something under legitimate interest. However, I think consent and performance of a contract are the ones that we will use most as a sector, not necessarily saying they see it specifically. But as a sector, I think we'll use more of the consent and the performance of a contract rather than the others. So, Sandy, just coming back. A general disclaimer and notice for recommended technologies. Very good question. For me, what's happened in the last couple of weeks, we have sent around the notes to staff saying what technologies to use and the array of technologies that we've got. And to be honest, and our staff, I would put up against the best of them. I'm very, very proud of our staff, but there are some of them that the practices they have, they've been given away email addresses and given away student numbers and given away all sorts of different excuses. And given away out of ignorance more so than out of complicit breaking of the law or explicit breaking. It's not good practice. So what we are doing, you may have seen a presentation there last week or two weeks ago, possibly from Moodle, we're a Moodle institution where they have actually recommended and they've built a plugin to have specific policies. So wherever possible, we're going to have a specific policy for each technology that we use and that we endorse. Not ones that are additional, but ones that are part of the course. And this is why I was asking about using Echo 365 or Blackboard Collaborate or Urk and all else of it. So we're going to have a specific policy for them. And then we will look at individuals that use Twitter and Padless and MindGarden and a variety of other bits and pieces. But it is something that I would welcome discussion on what other people are doing in this area because I don't claim to be an expert on it. I can only share the experience of what we've done and what I know others have done. But to try and list and get consent for everything or indeed have them listed on your VLH shirt to hand on this piece of string. It's just it's incredibly loud. So we are and it's something I will share with you and share with everybody here the wording when we finally agree it. But I will share the wording that we will be using for Moodle, for Adobe Connect, for Urk and for Unicam and any of the other central services that we will be putting on. I'm just waiting on our legal people to actually approve that for us. So I want to move on and talk about myths. And again, this is something that I would welcome your contributions here in your comments in what you came across with regards to GDPR. I'm going to pull up four to start the conversation and then I'll open it up to the floor to add in some more after that. So just recapping really on the last slide. Some people have turned around and said to me, oh, well consent is required for everything. This is going to mess this up. We're going to have to get consent for and the students have to actively take off that they consent for turn it into our data. They consent for Adobe Connect to have their data. Absolutely not. There are seven different categories as I went through seven different options on the awful process and consent is only one of them. And for me, the biggest one I emphasize again, the biggest one we want to push all of our data. We are actively pushing all of our data through is under the performance of a contract. And because it's so easy for students not to give consent. And that's not taking away from their right. I don't mean to belittle their rights whatsoever, but so easy for them not to give consent and then what you do then where you left. The dark data, I love that phrase Alison. I've never heard it before, but with her permission, I'd like to use it again. The dark data that concerns me the assessments, the feedback and they reside on the academic PCs. And you know what I found out recently? Some of them reside home PCs, not even their university property. I'll frighten the practices that came across. And they said, well, I need a particular piece of software. So I need to use my own laptop. The school doesn't supply me with a laptop or they only supply me with a PC and other laptop. And I need to go into the classes to present this stuff. But then they have an Excel spreadsheet, which has all the students grades on it. Or they might, as you say, have all the feedback there. Yeah, it is the dark data is really worrying. So, number two, students can now get all of their data deleted. And I'm glad Alison mentioned that dark data because related to that is their dark data. They can't delete their assignment data. We have monthly meetings, as I'm sure you do in your own institution, where we have amongst other things, we discuss students who have put in a request saying, oh, I started my degree 20 years ago and I only got a year three, but then had to drop out for whatever reason. I now want to come back and finish off my last year. Well, if we deleted all their data, if we deleted their assignment submissions and their results and everything, we couldn't facilitate on those lines. If we deleted data, we couldn't stand over our data that we report to the higher education authority or to the Department of Education. If that data doesn't exist, if the students choose to delete us, it leaves holes and weaknesses in our reporting. So, no, students can't delete all of their data, plain and simple. They cannot do it. It is up to us to explain, and I mean us in the collaborative term, all of us as educational institutions, to explain to them what data they can delete and what data they can't and explain to them why. And that comes under the transparency element of the legislation. So any idea, Vicky has just put in any idea on how long they should retain the data. I've found different institutions have different policies in place. What our data protection people are endorsing is an approach of collect as little as possible and store it as little as possible. And then we'll trip ourselves up as little as possible. So, and minimize the amount of data that you're collecting and minimize how long you store it for. We have a year and a day for hard copies and electronic copies of individual exam scripts and I believe of the marks, we store them indefinitely. But a year and a day, I think, for exam submissions. But again, I'm not saying that's the best way to do it, but that's just the way that DCU have chosen, the approach we've chosen. Another myth which didn't get the biggest amount of laughs because the last one's got the biggest amount of laughs was GDPR only affects organizations if you're in the EU. We have a campus in Saudi Arabia and somebody from Saudi Arabia says, I should GDPR doesn't apply for us. And it does. Wherever you have, even if it's only one EU citizen in your data set, you're subject to GDPR. And actually, and it is good data and I give out or it is good legislation. I give out about the four letters of GDPR and it's giving me nightmares at the moment and the volume of work that has generated. But I still think it's good legislation. And so do others. Canada are looking at what GDPR is doing to the US, they're looking at what GDPR is bringing in. So it is recognized as a good move, but I'm not denying that it's a pain in the neck for us at this moment in time. What about retention of student generated data such as form posts? This, Henry, thanks for that comment. Generating a huge thing here. Again, we're very lucky where Moodle has been very proactive and actually look, in my opinion, in a very thorough way as to what a student can delete and access and where the students come to music. But say, for example, a student in your first week in the class is part of orientation. You say, okay, students, get on the discussion forum and teach yourself. Give me some information about yourself. That's personal data. So for me, we have to be able to actually have steps in place to manage that personal data. There are or there may be facilities where you can genuinely delete because of a student's right to be forgotten, delete student data. But does that compromise the data that is left behind? And this is where we need to start having more conversations on what exactly is meant by that. How is Henry using a discussion forum versus how Alison is using it versus how Elizabeth is using it and what data protection implications does that come up with? And we encourage our students now to be using portfolios and maybe doing blog posts on external engines. We've made the conscious decision to provide Mahara as one of the tools in loop, provide that e-portfolio functionality. But I one of your organizations, one of insisting they use WordPress or insisting they use Weebly and what are the data implications of that? So yeah, there's a huge conversation that needs to be had about this and within your institution. And we need to look at that. The last one, and this really did make me laugh. The higher education institutions will not be fined because of our public bodies. Now this was an incredibly intelligent colleague of mine. But when he turned around and said that comment and said, she was just taking money from one pocket into the other pocket. And so we're not going to be doing that. It is absolutely no way. All organizations are subject to elements of GDPR, including the fines and including everything that we do in terms of breaching it. And I used the example to answer this colleague and good friend of mine. So I'm not trying to belittle him by any stretch of imagination for data protection reasons I won't mention his name. But I turned around and said, we have 17,000 plus students. So we have 17,000 little princes and princesses, daddy's little princess and mommy's little princess and mommy's little princess and so on. And my own daughter, my little princess is in here in fourth year and finishing up now the next week or so. So when they get comments, when people use their data and maybe put comments on a feedback or on a discussion form or write something, one of those 17,000, their parents may be a solicitor. One of those 17,000 may take exception to something that's said about them or something that's done to them, I say, in inverted comments. So I actually think higher education institutions are actually exposed to be one of the sector's most vulnerable to GDP or prostitution. And I don't mean that vulnerable in how we manage our data, but I mean it in so far as the amount of people that will be putting in these requests and will be analyzing exactly what we're doing. Because when we fail as students, we're essentially sending a message home to the parents to say, well, they weren't as good, they didn't meet the standards that we expect and maybe that makes us upset that particular parents or that particular solicitor or what else happens. So I genuinely do think that HE institutions are at a risk and should take GDP or very, very seriously. And what I'd like to do really is end on that note just for a second to give you some time to country your opinion on that last point, please, just in the discussion form, just type in the bottom please. Don't be shy. There's no comments coming in, but feel free to add in more comments again. Do you think that we will be more subject to prosecutions or scrutiny? Yes, good point, Spiky. Because we're charging fees, there is that whole students as customers. And I'm not saying, Nora, am I saying that you agree with either? I'm not saying that we should treat students as customers, not at all, but there is that perception. So I do think GDPR will apply, should apply, and by correlation, the fees, the breaches, the penalties, they will also apply. Let's put it down to, I'll move on, but if anybody else has any specific comments, I'd be delighted to come back. And we can chat about them, but those myths, essentially, different responses I've got from staff on going around to schools, telling them about the legislation. So what I want to do now is move on to, and I refer back to Alison's dark day to comment, move on to storing data on your computer. Just one phrase, don't do it, right? Not on your personal computer. Here in DCU, I'm sure it's the same in your own institutions. The laptops, the work laptops are encrypted. So they're safe and secure, and if, God forbid, if they're robbed or left on a bus or whatever, remotely RIT guys can do some magic and turn that laptop into a brick. It's no use to anybody, it's encrypted, they can't get in and give the data. So just don't store your data on your personal computer. However, there are circumstances where our staff have came to us and said, well, I don't have a staff computer, or the staff PC, but I need to use my laptop in the classroom. I do my correcting at home. And well, in that case, I would then use the cloud storage as recommended by the institution. So in our case, the cloud storage solution is Google Drive. That's recommended and has the appropriate security constraint in place that's offered by the university. They don't support OneDrive. They don't support Dropbox. So I would be encouraging as good as they all are at those particular solutions. If it's not supported by your university, I would look elsewhere, to be honest. Mobile devices as well as laptops are an issue. Again, in DCU, we have, if you want to access your mail and your ID, we all have Google accounts. So if you want to use your Google account on your mobile phone, you must sign up to the DCU privacy policy and it puts an encryption on your phone. But so many students send you data on their phone. And their emails might not be secure and encrypted and so on. So storing data on your personal device, just be conscious of that and try wherever possible to use the university recommended or institution recommended system. There are reasons why they don't have a free-for-all and allow you to use all sorts of different bits of uses. This is what I call the name and shame. And this brought up the most contention when I mentioned it to staff. And just to explain what I've done and these are made up results and made up student numbers. But when I was in college in 1992, I first started and my student number was 92768793. And I still remember my best friend's student numbers and I still remember the person who was above me on the list and the person who was below me on the list. So that anonymized, I say in a vertical comments, spreadsheet that you place up on your notice board or you place up on your VLE isn't actually anonymous. It's what's called pseudo-anonymized. You can identify students. Their students can identify their fellow students on that grade. So that is actually a breach. That is a breach in legislation. There is one exception which I will get to later on. But that's a breach in legislation. So please don't do it anymore. Whether you use Blackboard, whether you use Canvas, whether you use Moodle, the VLE is the solution to do that. But what I can't emphasize enough is established practice doesn't make it right. And the whole, oh, it didn't kill me. It made me stronger or it made me more competitive. So I really wanted to see how it did. Established practice doesn't make it right. So please what we're encouraging our staff to use is the VLE solution because, and I do appreciate that screen is a bit small, fictitious students there, Alex student, Kira student, Danielle student, Dara student. But when I put in 89 into a grade for Dara, for Alex, only Alex sees that and only Kira sees her grade of 87 and only Danielle sees her grade of 90. What that does is it has an added bonus effect for our institution because we can identify students. This particular assignment, let's just say, was in week four. So we can identify students who are at risk in week four as opposed to waiting for the end of the semester when each lecture takes their data off their own laptop on their own Excel spreadsheets and puts them all together into the student record system. So it's actually a win-win for us to use the VLE as a solution. And not only are you complying with legislation, but actually you can have a setup that allows your institution to intervene or save, and I say that in the third comes, and also a lot easier. I just think depending on your setup, if metric numbers are used, email address is often easy to reverse and look up names. Absolutely, absolutely. It's so easy for data to be none other than pseudo-anonymized and, indeed, retrospectively reversed. So the VLE is your solution. And people will say the VLE is dead, and I've heard that out in the Kansas the amount of times. Now at this age of data protection, it's even more reason why the VLE will go and continue to go from strength to strength because it is a secure institution provided and managed system to help manage that dark data again, just quoting a term from earlier on. In terms of data protection, and I am going to waste through these because I'm conscious of the fact I've been rabbiting on for 45 minutes now. The one thing that has came out here, again, won't re-crew them one by one, but to be forgotten from a teaching and learning perspective, there's certain bits that you just can't forget. God, I know I'm still in therapy over so many students, I'll never be able to forget them. I'm scared for life, or maybe they'll say to me they're scared after I go to my classes, but joking aside, there's some things that we just can't forget. If we are going to perform this contract for it that we have with the students to provide this service of their qualification, we can't forget their assessment details. We can't forget their feedback details. So we just have a duty to explain to students why we're holding on to the data and what we're doing with the data. We do need to give them that portability, and again, we're very lucky with the platform that we've chosen that enables us to export the data, a student to export the data, but I do appreciate that's different for every institution, but with Moodle it has made the process very, very easy and we're delighted with that. Getting on to and something that we haven't been as good as we should have been, or at least I couldn't stand over it to be transparent with the students to explain to them what we're using the data for, and if we are profiling the data to provide the logic or the processing that's involved. But I come back to a comment. I said in one of the first slides, when it comes to profiling, you are better off getting consent as opposed to it going under your performance of a contract. What I want to do now is I'm going to finish off on a couple of slides just to show you some real examples of what we have done pre-GDPR and what we'll be doing post-GDPR. So just looking at the diagram on the top left-hand corner, so the bar chart, or for anybody that's a chemist that looks like an IR spectrograph. That is our data, our Moodle data. Every click a student took on the BLE for the last six years. So what's that? One, two, three, four, five years. But that's even though there's a unique identifier and it's not a student number, that's not anonymized data. However, we can look at it, we can anonymize the data and look at that and see when we need most support or what the key features are of Moodle that's being used in this particular case when we can take the system down in order to roll it over to next year. All these sort of stuff. We can analyze that data absolutely no problem. The bottom left graph, so the ones with the sort of crooked lines, that is a list of modules and I have them coded there according to each one with its colored line. That tells us whether a student, how quick into the semester, based on student interactions, can we predict whether a student will be successful in that module or not? That's got specific student data in there. We actually sent out an email to every student on a weekly basis saying based on your current level of interaction with the VLE when we compare it to our last five years of data your chances of success are X. That's profiling. We need to get consent from students for that. The biggest diagram on the page where we are looking at the use of the different elements across the same modules as it happened but the different features within the VLE, that's anonymized. That's perfectly fine. We can use that data to improve the way we do our training, improve the support we provide but also to improve the course design when we're talking to individual lectures. Absolutely no problem. We can still do that. If we looked at the other data and we looked at the one on the left-hand side, the color data gives each student a rating out of nine based on their interactions and we need to be careful on who has access to that data. But there are clicks, there are interactions with the modules. A different version, different visualization of the same data is in the top right-hand corner. We're looking at, for an individual student as opposed to the class list but the individual student we're looking at their interaction based on the class average essentially to go with it. And just to reassure you if you do manage to be able to see the size six font on the screen the data is fictitious. So don't worry about that whatsoever. The bottom right-hand corner and here's something of the performance of the contract. I would say oh, I would appreciate your opinions. The performance, so in green gives the assignment deadline if they've met the assignment deadline it goes green if they've gone past the assignment deadline it's red. So that's telling us whether students are at risk because their assignments details and indeed the grade relative to other students in the class. That's part of a contract. I think that's perfectly legitimate to end up doing that. And lecture capture and I noticed a question that's in here lecture capture and webinars is a very interesting element. From a very basic let's start with the webinars we now can see that Leo is here and Sima is here and Martin is here and when somebody else looks at the recording they'll be able to see that. So that's data. That's attendance data but it gets a little bit more complicated when that becomes what I call sensitive data. So biometric data if Martin decides to speak or if Leo decides to speak or if Leo puts up an image of himself and that's in the recording that opens up a whole can of words. And also you should never have done it in the first place but a lot of lectures have done it where they have a webinar from 2017 and they share it with the 2018 students but maybe the participants in this webinar actually gave their personal views or had their voice was there or their video was there maybe they took over the webcam at some particular stage. Huge implications. Also lecture capture somebody mentioned earlier on that it's default that the lecture capture is on for everybody. Well that has to be signed off as part of the contract. I would personally would have arguments whether it is part of the service that's provided but that's a stance your institution would have to take. You cannot, you absolutely cannot assume consent so you would have to argue that as being part of the contract. That would be my opinion on that. Again stating back I am not a lawyer but my interpretation of it would be you cannot interpret you cannot assume consent for those recordings so that would have to be stipulated from the onset. Okay There's my contact details mark.glin.dcu.ie and as promised there sorry I don't have it there my apologies I've emailed out a link to the slide I thought I actually had it in my last slides. That was fascinating overview hopefully the audience got a number of questions answered but we've got a couple minutes left if there are any follow up questions people would like to ask Mark obviously this is quite a big and complex area so hopefully you're I suppose one question is how are you all being supported within your own institutions are are GDPR workshops available to you have you had much communication from senior management about GDPR wonder Mark if you could perhaps say a couple words about some of the practicalities at DCU how are you approaching this or is it a mixture of workshops and communications to staff a few of us have been and I used this tab by a country of fact I've been recorded a few of us have been volunteered to be GDPR champions in my role it makes sense for me to be involved but there are representatives from each faculty and indeed from a selection of schools in different units that are GDPR champions we have gone to several training courses I can total if I remember rightly but equally from my perspective I'm going around 28 schools and essentially from a shortened version of this presentation so that's what we're doing we will be putting in a statement on GDPR for Moodle Adobe Connect Mahara and and Unicam that will go in the front page so when the user comes on to Moodle on the 26th of May they will have to tick the box to say that they are aware of this but they accept these things and it's like that Ryanair policy that's on the side book of flight when I won't let you move on to the next page until you tick the box they will not be able to participate in the learning technologies until they accept it it's not a consent, it is part of a contract and for each one of those elements so for Adobe Connect we will have this is what we're using it for this is where the dubs has been storage this is our data protection agreement with that company and here's the contact name we will have that we haven't collated as yet but we are getting there you mentioned some third party tools like and Twitter is your approach to date to be to say to staff that you can't mandate the use of these tools to avoid we're asking them to re-examine why they're using them in the first place not to say that the practice is bad by any stretch of imagination but we want to make sure in all cases university based technologies as well as the free tools that they always lead with the pedagogy and in some cases oh this is the shiny new toy this is the thing I should use it because everybody else is using it and so on we're then asking them to say okay well be aware of what data is collected and why it's being collected so in terms of who would say for example you're not asking them to sign up with their username and emails and if you are why are you doing it? what's wrong with being anonymous? in the case of Twitter or Facebook some people would say well I don't use it really but I use Facebook instead because that's where all the students are well in that case you need special permission from the students to use it or it's part of the contract what they need to be aware when they sign up to the course that the transparency they have to sign up to Facebook I don't know there's no sort of golden rule that works for at all we have with Twitter and indeed Facebook for example shown lectures how to embed each one of those social media tools into Moodle which means that if you decide not to sign up to Twitter or not to sign up to Facebook you're not missing out so but again we ask we ask lectures why are they using this why are they using this technology and then why are they not using is there not a university equivalent that they could use I suppose another consideration is whilst GDPR population has been basically on the books for at least a year it's not being tested in court so there's no case law around this I guess we're also waiting to see what happens after the 25th of May in some of these areas it is it's a labyrinth of different there's so many different variants it's hard to give a distinct answer I'm noticing here with she who I actually think I know who it is but he still the questions have been asked indeed forcing students to get their personal data to turn parties beyond the institution good question if I give you an example we have a publisher and we don't quite use it McGraw-Hill we've teamed up with our chemistry school and first year assessment is based on well one of the assessments is based on the online quiz material that's provided by McGraw-Hill so the third party at the University of San Emperor is the publisher I know people get a bit catchy when you start talking about the Twitter's and the Facebook's and all these other things the one I just mentioned there it's a Tory party no different than the social media companies in respect of sharing the individual data with them Mind Gardens is a really interesting one that's psychometric testing that's gone a little bit deeper than asking somebody to post a note on Padlet which again can be anonymous there is the thing and I definitely know who the G is based on their IP address of computer profile and so on there is an argument and I don't even dream of describing myself as an IT expert but YouTube videos say for example if the student looks at YouTube and it's embedded on your noodle page or blackboard page or whatever your video choice is in theory they have in practice they have your IP address I'm not sure how practical we can be by saying well we're not sharing the IP address so we're not allowing them to use video I'm not sure how that will work out in practice versus theory I mean to have all the answers I'm not allowed I suppose there's going to be a degree of the sector working out in terms of usage in terms of the features of you include widgets what information they're sending back and what I love about the open source community we were talking about when everybody else joined us and I go to open source what I love about the open source community is we share that information we share oh this is what I do this is what I've heard somebody else does and I would actively encourage people through ALT and through whatever other networks you have is to share what you do because that's how we will learn from one another I think the worst thing we could do is actually ignore GDPR and address it upfront and then share our experiences I think if we don't get it right first time around or the second time around I don't think the signs will be as harsh as if we had totally ignored it and decided to not do it so I think try something I wouldn't assume somebody mentioned about presuming it's policy so it's okay you need to check that the policy is actually accurate and takes account the new legislation for GDPR it's tighter than who are GDPR compliant you need to explain to students what you're doing with them and you need to if there's an exchange of data beyond that would sound like I said about the IP address but if there's exchange of institutional data like student number and email address you need to have a data protection agreement in place with them conscious of time so I'd just like to thank you Mark for taking time to share some of the really valuable pieces of information that you picked up along the way I suppose one of the big takeaways is what GDPR is helping us to do is being more transparent about how we use data, how we collect data within learning and teaching and I think that's a great conversation to be having so thank you very much Mark and as I mentioned we'll put a recording up on the event page and we'll also include Mark's link so thank you very much Mark no problem at all and as I said I don't claim to be a lawyer but if I can help out with advice from experience I'm more than welcome to