The UG is unable to delete data on students and staff in various software bundles. That means the university is not in compliance with the General Data Protection Regulation (GDPR) and the Public Records Act.
The issue was revealed when the university board answered questions from university council member Mathieu Paapst, assistant professor of IT and privacy law.
Software bundles like AFAS and Brightspace collect different types of personal data. It now turns out the university has issues archiving and removing data.
The university is in violation of regulations on deleting personal data as well as the Public Records Act, which regulates how data is allowed to be saved and archived.
It turns out that the UG is unable to easily delete data on students and staff and that lecturers can see what students do in Brightspace without the students’ knowledge.
According to the university, it’s ‘technologically impossible’ to remove data from the current bundles. But in an article with IT journal AG Connect, software company AFAS says this is incorrect.
‘That particular process is definitely possible in the UG’s application, but they’re probably lacking in knowledge, experience or time, which is why the UG hasn’t done it yet’, Hans Roozen, AFAS process and application manager, says in the article.
The UG is currently looking into a solution. ‘We also use other archival programmes. We looked more broadly at how to best comply with the various data storage periods of all our different systems’, says spokesperson Anja Hulshof. ‘We want to make sure we get it right, and that takes time.’