Inter-school Competitions – What Should You Keep in Mind?

Any institution organizing an inter-school competition must ensure the proper protection of personal data belonging to participants, their guardians, and teachers. The following guidelines apply to all institutions that open competitions to students (or other participants) from outside their own organization — that is, when collecting submissions from external individuals.

THE COMPETITION ORGANIZER SHOULD REMEMBER TO:

A. OBTAIN APPROPRIATE CONSENTS.
B. PROVIDE A PRIVACY NOTICE.
C. FORMALIZE DATA PROCESSING WITH OTHER INSTITUTIONS.
D. ISSUE DATA ACCESS AUTHORIZATIONS.

A. PROPERLY FORMULATED CONSENT
Be sure to obtain the following consents:

  • Consent to the processing of the participant’s personal data — for the purpose of participating in the competition.
  • Consent to the use of image — for both participants and their teachers or guardians — if you plan to publish photos from the competition or of the winners on your website or social media channels.
  • Consent to publish information such as name, class, age, and placement in the competition on the organizer’s website — if you intend to post these details online.

B. PRIVACY NOTICE
Every competition involves the processing of personal data — not only of participants, but also of parents/legal guardians (in the case of minors) and teachers. Each of these individuals should be informed about how their data will be processed.

How to effectively provide the privacy notice?

  • The full privacy notice should be made available on the organizer’s website and in the school office. Ideally, the notice should be attached as an annex to the competition’s official rules.
  • A short version of the privacy notice should be placed on application forms (e.g. in the document footer). However, for this to be effective, the full notice must be easily accessible — as stated above.

C. REGULATING DATA PROCESSING BETWEEN INSTITUTIONS
If participant registrations are submitted through other institutions, the way in which they process personal data must be regulated. These schools are collecting personal data on behalf of the organizer, using forms prepared by the organizer. In such cases, at minimum, the general rules for data processing should be included in the competition rules.

Ideally, detailed regulation should be established through a data processing agreement or another legal instrument — such as a data processing policy.

If participants register individually and directly, no additional regulation is necessary, as no third party is involved in transferring forms or consents.

D. DATA PROCESSING AUTHORIZATIONS
If members of the competition jury include external individuals (e.g. representatives of a sponsor or partner organization), and they are not employed by the organizer, then they must be granted proper authorization to process personal data.

The only mandatory consent is the one for participation in the competition and for data processing necessary to carry it out.
Consent for image use or online publication of data should not be obligatory, and refusal to give such consent must not affect a participant’s ability to take part in the competition.