General Data Protection Regulation Compliance (GDPR)

What is GDPR?

GDPR is a regulation established by the European Union (EU) that applies to personally identifiable information on EU citizens. There are three main requirements of the GDPR:

  1. Data Protection Impact Assessments (DPIAs): These are compliance frameworks similar to those of the Health Insurance Portability and Accountability Act (HIPAA).
  2. Role Definitions: GDPR asks that roles and responsibilities, such as data controllers, data processors, and Data Protection Officers (DPOs), are clearly defined in an organization.
  3. Breach notifications must occur within 72 hours: if a breach of information occurs and it involves personally identifiable information on EU citizens, the breach must be reported within 72 hours to the Supervisory Authority (SA).

According to the regulation, the SA has investigative, advisory, and corrective powers. The regulation is expected to go into effect May 25th, 2018. Non-compliant organizations are subject to administrative fines.

The Office of Information Technology (OIT) has been aware of the GDPR requirements going into effect May 25th, 2018. OIT fully supports user privacy and the privacy of our community members from the EU, and will make every attempt to comply with the requirements as they apply to the University.

If you have additional questions or concerns, please contact the OIT Support Center.