What is GDPR?
Even though the European Union’s General Data Protection Regulation (GDPR) has been in effect for over a year, many U.S. colleges and universities are still struggling with how best to implement the rules.
One reason is that the regulation is broad and complex. The GDPR protects the personal data of individuals in the European Union regardless of where that data is collected, stored or processed, so a U.S. institution that gathers data from EU-based applicants, students or alumni is covered. Students gain greater control over their personal data, and any college or university that collects it is obliged to protect it.
Specifically, the GDPR gives students the right to:
- Receive a copy of their data in a portable format, or have it transmitted to a third party (data portability).
- Ask your school to restrict or stop processing their data.
- Expect their data to be deleted once your school no longer needs it for the purpose it was collected (storage limitation).
- Access their personal information and learn how it is being used.
- Have inaccurate personal information corrected.
- Ask your school to erase all personal records it holds on them (the "right to be forgotten").
- Not be subject to decisions made solely by automated processing that significantly affect them.
Why does my college website need to be compliant with GDPR?
Besides the ethical case for complying with GDPR, the penalties and risks of noncompliance are stiff. Maximum fines are the greater of 20 million euros or 4 percent of worldwide annual turnover, and individuals can also claim compensation for damage caused by a violation.
How can I help my college stay compliant with GDPR?
If you’re responsible for any part of your school’s digital presence, one of the easiest ways to get into and stay in compliance is to invest in a quality content management system (CMS).
Specifically, a good CMS will:
- Make it easy for content contributors to edit content, so privacy policies stay current and requests from website visitors to correct inaccurate information posted on the site can be honored quickly.
- Allow cross-team collaboration, which is crucial to maintaining GDPR compliance.
- Log who changed what and when, so audits and breach investigations have a record to work from.
- Use a decoupled architecture: pages are published as static files to the public web server, so the editing application and its database are not reachable from the public site. That removes a class of attacks that database-driven public sites are exposed to.
- Collect no personal information from website visitors beyond what they deliberately enter into a form.
- Handle form submissions server side over an encrypted (HTTPS) connection rather than exposing them to client-side scripts or third-party services.
- Let a user who has been explicitly granted the permission export or delete form submissions from within the CMS, so access and erasure requests can be fulfilled without developer involvement.
- Support compliance with email anti-spam rules: every subscriber must have opted in, and every message must carry an unsubscribe link that is processed automatically.
- Be an open platform with enterprise-grade APIs, so custom code can implement institution-specific GDPR processes.
What other steps can help my college stay compliant with GDPR?
The UK Information Commissioner's Office (ICO) publishes self-assessment checklists that organizations can use to gauge their GDPR compliance.
Additionally, there are a few other steps that a school can take to be in compliance:
- State on each online form why you are asking for each piece of information, and collect only what that purpose needs. Add an unticked checkbox for accepting your school's privacy terms; under the GDPR consent must be an affirmative action, so a pre-ticked box does not count.
- For email marketing, every subscriber must have opted in to receive messages. Do not use purchased lists.
- Answer and comply with all GDPR-related requests promptly. The regulation sets a one-month deadline for responding to a data subject, extendable only for complex or numerous requests.
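The CMS capabilities listed earlier (collecting only declared form fields, logging actions for audit, exporting or deleting a visitor's submissions) and the steps just above (an explicit consent checkbox, a one-month response deadline) can be seen together in a small form-submission store. This is an added example written for this article, not OU Campus code; the class, field and key names are illustrative, and the audit key is an assumed placeholder.

```python
"""Form-submission store with the operations a GDPR data-subject request
needs. Added example for this article, not OU Campus code; the class,
field and key names are illustrative."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hmac

# GDPR Art. 12(3): respond to a data-subject request within one month.
RESPONSE_DEADLINE = timedelta(days=30)

# Assumed per-deployment secret; in practice loaded from a secrets manager.
AUDIT_KEY = b"replace-with-a-real-secret"


class ConsentError(ValueError):
    """Raised when a form is submitted without the privacy box ticked."""


@dataclass
class Submission:
    subject_email: str
    fields: dict
    received_at: datetime


def subject_ref(email: str) -> str:
    """Keyed pseudonym for the audit log, so erasing a subject's data does
    not leave their email address behind in the log itself."""
    return hmac.new(AUDIT_KEY, email.lower().encode(), "sha256").hexdigest()[:16]


class SubmissionStore:
    def __init__(self, allowed_fields):
        # Data minimization: only the fields the form declares are ever kept.
        self.allowed_fields = set(allowed_fields)
        self._submissions = []
        self.audit_log = []

    def _audit(self, action, email, actor, now):
        self.audit_log.append({"at": now.isoformat(), "action": action,
                               "subject_ref": subject_ref(email), "actor": actor})

    def record(self, email, form_data, consent_checked, now=None):
        """Store one submission. Returns the names of any fields dropped."""
        now = now or datetime.now(timezone.utc)
        if not consent_checked:
            # Consent must be an affirmative act; a pre-ticked box does not count.
            raise ConsentError("privacy terms were not accepted")
        kept = {k: v for k, v in form_data.items() if k in self.allowed_fields}
        self._submissions.append(Submission(email.lower(), kept, now))
        self._audit("record", email, "web-form", now)
        return sorted(set(form_data) - self.allowed_fields)

    def export(self, email, actor, now=None):
        """Right of access / portability: everything held on the subject,
        as plain dicts ready to serialize to JSON."""
        now = now or datetime.now(timezone.utc)
        rows = [{"received_at": s.received_at.isoformat(), **s.fields}
                for s in self._submissions if s.subject_email == email.lower()]
        self._audit("export", email, actor, now)
        return rows

    def erase(self, email, actor, now=None):
        """Right to erasure: returns how many submissions were removed."""
        now = now or datetime.now(timezone.utc)
        before = len(self._submissions)
        self._submissions = [s for s in self._submissions
                             if s.subject_email != email.lower()]
        self._audit("erase", email, actor, now)
        return before - len(self._submissions)


def response_due(request_received: datetime) -> datetime:
    """Deadline by which a data-subject request must be answered."""
    return request_received + RESPONSE_DEADLINE


if __name__ == "__main__":
    # Constructed sample: a form that declares name and program only.
    store = SubmissionStore(["name", "program"])
    print("dropped:", store.record("Ann@example.edu",
          {"name": "Ann", "program": "CS", "ssn": "123-45-6789"}, True))
    print("export:", store.export("ann@example.edu", "registrar"))
    print("erased:", store.erase("ann@example.edu", "registrar"))
    print("audit:", store.audit_log)
```

Two design points worth noting: the store silently drops any field the form did not declare, so a browser-side change to the form cannot widen what is collected, and the audit log records a keyed pseudonym rather than the email address, so an erasure does not re-store the very identifier it was asked to remove.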
Are you interested in learning more about GDPR? Check out our latest webcast, GDPR Compliance and Your Website.
You can also request a demo of OU Campus to see how a quality CMS can help you stay compliant.