AnsweredAssumed Answered

How can an institution comply with the GDPR in the EU concerning personal data?

Question asked by Tobe Baeyens on Apr 19, 2018
Latest reply on Sep 25, 2018 by

According to the GDPR: Institutions in the EU have the obligation to ensure that personal data are "limited to what is necessary".


Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which those data are processed.


Canvas does collect data from students that access Canvas at home. A teacher is f.e. able to see when the exact time that a student did access a course or an item in the course. How does this comply with the GDPR? Is it necessary that a teacher can see at what hour and at what minute a student did click on a link in Canvas? Will the GDPR allow this? Can this Canvas feature be turned off?