The EU General Data Protection Regulation (GDPR) is "the most important change in data privacy regulation in 20 years," according to its official portal.
As the economy becomes increasingly digitized, many institutions hold highly sensitive personal information on their students, employees, and other individuals. As such, there's a pressing need to protect individuals' data and privacy rights. The GDPR was introduced to specify how consumer data should be used and protected.
Here are a few fast facts about the GDPR:
1. Adopted by the European Parliament in April 2016, GDPR will become enforceable in May 2018.
2. It applies to everyone involved in processing data about individuals in the context of selling goods and services to citizens in the EU, regardless of whether the organization is located within the EU.
3. Its seven major provisions cover the following areas: • Consent • Breach notification • Right to access • Right to be forgotten • Data portability • Privacy by design • Data protection officers.
For further coverage of the topic, visit AACRAO’s Trending Topics: GDPR page.
AACRAO is working to develop a set of webinars to address the issues, risks and follow-up considerations for U.S. higher education institutions. If your institution is currently working and planning for the May 2018 implementation please contact funakij@aacrao.org.