Does your school have international students? Have you received website inquiries from prospective students living overseas? Do any of your alumni and donors live abroad?
If so, then your school must adhere to the European Union’s (EU) General Data Protection Regulation, or GDPR, which goes into effect May 25, 2018. The GDPR protects the personal data of people who live in the EU, even if they are not citizens of the foreign country where they reside.
While student records at American colleges and universities are protected by the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), both FERPA and HIPAA fall short of the broad reach of the GDPR.
Unsure what your next steps should be? The following is a roundup of resources about GDPR, what it means for your institution, and how you can comply.
- Get news directly from the source on the EU GDPR website.
- Anna Krenkel’s article on the EAB site discusses four things you need to know about GDPR.
- EDUCAUSE explains GDPR’s effects on US institutions.
- The International Conference on Availability, Reliability and Security (ARES) explores the protection of personal data versus the obstacles for sharing data.
- The International Conference on Artificial Intelligence and Law points out holes in the GDPR regulation.
- The ACM Conference on Data and Application Security and Privacy provides a simplified privacy guide to explain the GDPR and risk levels.
- Inside Higher Ed discusses what GDPR means for American colleges and universities, including fines that will come from noncompliance. Another article outlines the significant expansion of protection for the personal data of EU residents.
- Trying to explain GDPR to your boss? The Center for Digital Education does a good job of highlighting the pros and cons.
- Forbes points out that GDPR applies only to the data protection of EU citizens who are in the EU when the data is collected, but that doesn’t mean your institution should ignore this regulation.
- The XPAN Law Group has a series of blogs devoted to GDPR issues from a legal standpoint.
- EDUCAUSE provides a roundup of GDPR articles.
- WCET has conducted research on GDPR and what you can do now to prepare for compliance.
How are you collecting personal data on your website? Learn about collecting data using OU Campus forms.