Home / European Union General Data Protection Regulation (GDPR) Compliance

European Union General Data Protection Regulation (GDPR) Compliance

The European Union (“EU”) General Data Protection Regulation (GDPR) is a new far-reaching data privacy regulation that will go into effect on May 25, 2018 in the EU. The GDPR greatly expands the territorial scope, enforcement uniformity, and umbrella of data that was previously covered by the previous EU Data Protection Directive. The GDPR:

  • Will be the primary law regulating how companies and organizations protect the personal data of individuals within the EU and is intended to affect organizations worldwide, including universities.
  • Mandates a baseline set of standards for organizations that handle certain personal and other data of individuals located in the EU to better safeguard the processing and movement of that data.
  • Applies to institutions with no physical EU presence if they control or process covered information (irrespective of whether the subject individuals are EU citizens).

 This Regulation may have implications for your unit if your unit collects, processes, or stores (or uses a third party to collect, process, or store) personal data from individuals located in the European Union. The GDPR defines "personal data" very broadly such that the term includes names, addresses, phone numbers, national IDs, IP addresses, profile pictures, personal healthcare data, educational data, and any other data that can be used to identify an individual.

We are engaging the help of a consultant to help us understand the impact of GDPR on ASU. We will be assessing those impacts across campus, with our initial focus on 5 high-risk functional areas:

  • University Research
  • Marketing and Communications
  • Student Affairs
  • Fundraising/Foundation/Alumni Association
  • Human Resources

Preparations are underway to ensure the university’s processes will comply with the European Union’s General Data Protection Regulation (GDPR). Further communications will be provided to ASU faculty, staff and students on how GDPR affects them and their handling of data at ASU.