Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

GDPR Meets Student Mobility: 

Use Cases for Students Taking Part in Erasmus+ Mobility for Studies and Traineeships

The following section elaborates on different stages, actors and documents related to student mobility for studies and traineeships and use cases relevant to the Higher Education Institutions for an internal self-reflection on compliance questions.

A. Stages of Mobility:

There are different aspects to take into consideration at different stages of mobility and in this document we will look into the following:

  1. Pre-Mobility
  2. During Mobility
  3. Post-Mobility

Questions to keep into consideration: 

  • When do you collect the consent to process each student’s personal data at your institution? Upon admission? How are any updates communicated? 
  • What is the scope of such consent? Multiple purposes and mobility included in the documentation?
  • Should you have additional Terms and Conditions and Privacy Policy documentation in place to process the student’s data for the mobility management? 

B. Mobility Actors (potentially involved in the data processing):

  1. Student
  2. Sending HEI
    1. IT Department/Central Database manager
    2. Departmental/Institutional Coordinators
    3. International relations/Exchange programmes manager
    4. ...
  3. Intermediary Organisation
    1. Third Party Service providers for processing data
    2. National registry/Statistics office
    3. ...
  4. Receiving HEI/Organisation or Enterprise (for traineeships)
    1. IT Department/Central Database manager
    2. Departmental/Institutional Coordinators
    3. Responsible Person, Supervisor, Mentor (for traineeships)
    4. ...

Questions to keep into consideration: 

  • Are you aware of all the actors that are processing your student’s data?
  • Are students informed about all the actors processing their data?
  • How are you keeping track on updates in the process?

C. Mobility Documents:

There are several key documents that are exchanged throughout the mobility management process and each contains different items of personal or sensitive data.

  1. Inter-Institutional Agreement between the HEIs
  2. Application for Studies/Traineeship abroad (e.g. CV)
  3. Student Nomination
  4. Access credentials to OLS
  5. Learning Agreement for Studies
  6. Learning Agreement for Traineeships
  7. Grant Application (annexed by Transcript, Traineeship/Study Offer)
  8. Grant Agreement (The Grant Agreement comes under the purview of national laws of each individual member states9 
  9. Potentially confirmation of having special needs/coming from disadvantaged backgrounds/proof of financial situation.
  10. Any additional data that might be necessary for Visa or acceptance at the host institution. 
    1. ID or Passport
    2. Proof of not having criminal record
    3. ...
  11. Certificate of Arrival/confirmation of the length of the mobility period
  12. Transcript of Record/Traineeship Certificate (After completion of the agreed study/training period)  
  13. Participant’s report/Feedback surveys
  14. Other: (e.g. grade distribution data or other specifics as per needs of different HEIs etc.)

Questions to keep into consideration: 

  • Is the difference between personal and sensitive data clear in all the cases at your institution?
  • Are there appropriate practices for handling and storing personal and sensitive data?
  • Are you ready for situations when students want to exercise their rights under GDPR to retract, delete, edit etc. their data?



  • No labels