Challenge
A critical challenge facing schools in the Netherlands (and other European countries) is the significant gap between theoretical knowledge of GDPR and practical implementation. While schools have a lot of information in text available on GDPR principles and (in the Netherlands also) the Normenkader IBP framework, translating this knowledge into actionable steps within their Google Workspace for Education environment remains a hurdle. The Dutch Normenkader IBP is a guideline for information security and privacy in schools. It outlines 69 information security standards and 25 privacy standards across 15 different areas. These standards help schools implement best practices to protect student data. Normenkader IBP isn't just a suggestion. Since the 2023-2024 school year, schools in the Netherlands are required to address information security and privacy (IBP) in their annual reports. The Normenkader provides a "toetsingskader" (assessment framework) which acts as the minimum baseline for compliance. This means schools need to demonstrate they've taken steps towards meeting these IBP standards. Existing support structures primarily focus on basic admin settings rather than offering concrete guidance on optimizing Google Admin settings for optimal privacy and security. While IT companies, often Google partners, react to specific questions from schools, they lack a proactive approach. This leaves schools struggling to navigate the intricate Admin console and identify the most suitable settings for their unique needs. This disconnect hinders schools from fully utilizing the security and privacy features embedded within Google Workspace for Education. As a consequence, student data may not be optimally protected, potentially exposing them to unnecessary risks. Ultimately, this challenge undermines trust in the education system and hinders efforts to foster a safe and secure online learning environment.