EdTech · 9 min read

EdTech and GDPR 2026: handling student data the right way

GDPR for student data isn't optional and isn't impossible. The patterns that work for K-12 + higher-ed in EU markets, in 2026.

Dezső Mező
Founder, DField Solutions

EdTech vendors are GDPR processors. Schools are controllers. Most products you can find on the market today fail one of three checks: minimisation, parental consent, retention. Here's the playbook that doesn't get rejected on the first DPIA review.

Pattern 1 · Minimise by default

Collect what the curriculum needs to function · not what marketing wants. If a math-tutoring app needs the student's grade-level and subject, that's it. No address, no phone, no profile photo unless there's a teacher-led reason. Default OFF for any optional analytics.

Pattern 2 · Pseudonymise in analytics

Student progress dashboards run on hashed user-IDs. Real names live in the auth service. The reporting service never joins the two. This means engineering can debug + analyse without ever seeing PII, and a breach in the analytics layer doesn't expose names.
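As an added example (not code from the original post), here is the split Pattern 2 describes: the auth service holds names and a per-school key, the reporting service only ever receives a keyed hash of the user ID. The keyed hash (HMAC) matters because a plain SHA-256 over small sequential IDs can be reversed by hashing every plausible ID; the school keys below are constructed placeholder values, not real ones.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample keys (hypothetical values): one pseudonymisation key per
# school, held only by the auth service. The reporting service never sees them.
SCHOOL_KEYS = {
    "school-a": bytes.fromhex("0123456789abcdef" * 4),
    "school-b": bytes.fromhex("fedcba9876543210" * 4),
}

@dataclass(frozen=True)
class AuthRecord:
    """Identity as stored in the auth service: this is the PII."""
    school_id: str
    user_id: int
    name: str

def pseudonym(school_id: str, user_id: int) -> str:
    """HMAC-SHA256 of the user ID under the school's key.

    With the key confined to the auth service, nobody holding only the
    analytics data can rebuild an ID-to-pseudonym table. This is still
    pseudonymisation, not anonymisation: the data remains personal data.
    """
    key = SCHOOL_KEYS[school_id]
    msg = f"{school_id}:{user_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def analytics_event(record: AuthRecord, lesson: str, score: int) -> dict:
    """Progress event as handed to the reporting service: pseudonym only."""
    return {
        "student": pseudonym(record.school_id, record.user_id),
        "lesson": lesson,
        "score": score,
    }

def leaks_pii(event: dict, record: AuthRecord) -> bool:
    """Gate check before an event crosses into the analytics layer."""
    values = " ".join(str(v) for v in event.values())
    return record.name in values or "name" in event or "user_id" in event

def reidentify(school_id: str, token: str, directory: List[AuthRecord]) -> Optional[AuthRecord]:
    """Reverse lookup for a data-subject request. Only the auth service can do
    this, because only it holds the key: it scans its own directory and never
    queries analytics."""
    for rec in directory:
        if rec.school_id == school_id and hmac.compare_digest(pseudonym(school_id, rec.user_id), token):
            return rec
    return None
```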

Pattern 3 · Age of consent by country

Age-of-consent varies by country (13 in many, 14-16 in some EU members). Don't hardcode 13. Build a flow that picks up the country (locale + DNS), checks the threshold, and routes to a parent-email verification when needed. Re-prompt on age-changes around the threshold.

Pattern 4 · EU-only hosting, documented

Data lives in EU regions. Frankfurt, Amsterdam, Dublin · pick one and document it in the DPA. No model-training opt-in by default. If LLM features ship, use EU-region inference (Azure EU, AWS Bedrock EU, or self-hosted). The DPIA reviewer will ask · be ready.

Pattern 5 · Retention tied to academic year

Default retention: end of academic year + N months for transcripts. Auto-purge anything beyond. Account closures within 30 days. Gradebook archives can be exported by the school but live as cold storage with stricter access controls.

DPIA shape that schools sign

1-page summary, 2-page processing inventory, 1-page risk assessment, 1-page mitigations, 1-page residual-risk + sign-off. Schools have 5-10 vendors to review per term · a 30-page DPIA gets bottom-of-pile. Make it short, factual, signed.

If your DPO can't read the DPIA in 10 minutes, neither can the school's. Cut it down.

By Dezső Mező, Founder, DField Solutions

I've shipped production products from fintech to creator-tooling · for startups and enterprises, from Budapest to San Francisco.
