European Union General Data Protection Regulation (GDPR) Compliance
The European Union (EU) General Data Protection Regulation (GDPR) is a far-reaching data privacy regulation that the EU adopted two years ago. On May 25th, the regulation will be extended to apply to businesses, such as UA, that operate outside of the EU but process data on EU citizens. The GDPR greatly expands the territorial scope, enforcement uniformity, and umbrella of data covered under the previous EU Data Protection Directive. The GDPR:
- Will be the primary law regulating how companies and organizations protect the personal data of individuals within the EU and is intended to affect organizations worldwide, including universities.
- Mandates a baseline set of standards for organizations that handle certain personal and other data of individuals located in the EU to better safeguard the processing and movement of that data.
- Applies to institutions with no physical EU presence if they control or process covered information (irrespective of whether the subject individuals are EU citizens).
This Regulation may have implications for your unit if your unit collects, processes, or stores (or uses a third party to collect, process, or store) personal data from individuals located in the European Union. The GDPR defines "personal data" very broadly such that the term includes names, addresses, phone numbers, national IDs, IP addresses, profile pictures, personal healthcare data, educational data, and any other data that can be used to identify an individual.
We are engaging a consultant to help us understand the impact of GDPR on the UA. We will be assessing those impacts across campus, with our initial focus on 5 high-risk functional areas:
- University Research, including University of Arizona Health Sciences Research and Medical Research
- Marketing and Communications
- Student Affairs
- Fundraising/Foundation/Alumni Association
- Human Resources
Preparations are underway to ensure the university’s processes will comply with the European Union’s General Data Protection Regulation (GDPR). Further communications will be provided to UA faculty, staff and students on how GDPR affects them and their handling of data at UA.
Learn more about the GDPR at our GDPR FAQ web page.