The goal of the article has been to identify general risks of universities and faculties that are arising to them regarding the personal data in teaching, research and development based on the social and technological transformation during (and possibly after) the COVID-19 pandemic. Academic activities involve online and blended teaching using the online modern instruments of group electronic communication. The identified risks were based on the review of the literature and legal acts with quantitative research including 959 respondent questionnaires, validated through 7 structured interviews. The first risk involves a potential personal data breach in online communication. The second risk is a potential lack of a data protection training for employees, professors, or students, specifically including the training for employees on the safe leading of online meetings. The third risk involves a default public pre-setting of public access to accounts, files and folders (instead of private pre-setting). The fourth risk involves an insufficient awareness regarding the importance of getting to know privacy policies on various tools or websites and privacy settings in tools. Based on our research, we have come to conclusion that academic institutions should tighten up measures as well as practices regarding the aforementioned risks in order to comply with the GPDR regulation.