U.S. colleges and universities under the impression that new European data-protection laws won’t affect them have been urged to think again.
Speaking at a session on the soon-to-be-enforced European Union General Data Protection Regulation, William Hoye, executive vice president and chief operating officer at nonprofit study abroad organization IES Abroad, warned that the new E.U. rules have “very sharp teeth” and would almost certainly apply to all U.S. higher education institutions.
Failure to comply with the E.U. rules could lead to fines of up to 20 million euros, said Hoye. “That’s around $23,634,000. Do I have your attention yet?” Hoye asked.
The GDPR, which comes into force in May 2018, represents a significant expansion of protection for the personal data of E.U. residents, explained Gian Franco Borio, a lawyer who also spoke at the Educause session.
Unlike the previous E.U. Data Protection Directive, the GDPR will apply not only to organizations with a physical presence in the E.U., but also to any organization worldwide that processes the personal information of E.U. residents. Many U.S. institutions have physical outposts in Europe, but even those that don’t will need to look carefully at the new rules because they interact with faculty, students or prospective students based in the E.U., said Borio.
Read more at Inside Higher Ed: https://www.insidehighered.com/news/2017/11/06/eu-data-protection-law-looms