What is GDPR?
The General Data Protection Regulation (“GDPR”) took effect on May 25, 2018 and expands personal privacy rights and strengthens the consent process for residents of European Union member states (EU) as well as non-EU citizens located in an EU member state. GDPR requires baseline safeguards be implemented by organizations that process the personal information for individuals residing in a European Union member state. GDPR affects organizations worldwide, including universities, and applies to institutions that process covered personal information even if the organization has no physical presence within the EU.
What does this mean to me?
If you are an EU resident or a non-EU citizen studying abroad in an EU member state, you are afforded the additional protections covered under GDPR, including the “Right to be Forgotten.”
What initiatives and processes has West Virginia University put in place to meet GDPR requirements?
WVU has new put processes and initiatives in place to meet GDPR requirements which include:
- University-wide adoption of a Privacy Notice
- Established mechanism for requesting the “Right to be Forgotten”/”Right of Erasure” or “Right to Access”
- Ongoing collection data inventories (data collection and use/purpose of collection)
- Ongoing updating of consent process, as appropriate
What do I need to do for GDPR compliance?
Unless ITS has met with you, you do not need to do anything currently; however, your college/department/program should begin to document any data elements you collect and why you collect them.
If you have additional questions pertaining to GDPR, please contact email@example.com.