General Data Protection Regulation (GDPR) Compliance

The General Data Protection Regulation (GDPR), which formally took effect May 25, 2018, is intended to affect organizations worldwide, including universities. The GDPR:

  • Replaces the Data Protection Directive 95/46/EC as the primary law regulating how companies and organizations protect the personal data of European Union (EU) residents.
  • Expands personal privacy rights for EU residents and also affects non-EU citizens located in the EU.
  • Mandates a baseline set of standards for organizations that handle certain personal and other data of individuals located in the EU to better safeguard the processing and movement of that data.
  • Applies to institutions with no physical EU presence if they control or process covered information (irrespective of whether the subject individuals are EU citizens).
  • Calls for fines of up to 4% of annual global turnover, or 20 million euros, whichever is more, for violations of the regulation.

Kent State University GDPR Compliance Program

Kent State University is developing a GDPR compliance program. The University Data Protection Officer created a working group. The GDPR team is working to develop a risk-based GDPR compliance strategy and recommendations for an ongoing, sustainable GDPR compliance program.

For more information, please see the Kent State University Data Privacy Statement (https://www.kent.edu/privacy-statement) or the official EU Commission site (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en).

Personally Identifiable Information

  • Name
  • Address (all geographic subdivisions smaller than state, including street address, city, county, and zip code)
  • All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)
  • Telephone numbers
  • Fax number
  • Email address
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate or license number
  • Any vehicle or other device serial number
  • Web URL
  • Internet Protocol (IP) Address
  • Finger or voice print
  • Photographic image - Photographic images are not limited to images of the face.
  • Any other characteristic that could uniquely identify the individual

(Borrowed from Loyola University Chicago on 9/20/2018)