The General Data Protection Regulation (GDPR) is the European Union's response to the increased role that technology now plays in everyday life, and as students who reside in the United Kingdom continue to pursue education across global borders. This internationalization of information requires institutions (even those based outside of the U.K.) to take greater steps and stress the importance of the control and processing of this personal data.
The GDPR takes effect May 25, 2018 and applies to all institutions that have a presence in, or target prospects and students who reside in, the European Union.
Why this matters:
- Institutions will need to locate all instances of an individual's personal data across the entire infrastructure—and, if necessary, modify the way data is collected, stored, and processed in accordance with these EU regulations.
- Institutions will need to demonstrate compliance through appropriate governance measures, including detailed documentation, logging, and continuous risk assessment.
- Institutions will be obligated to notify relevant authorities of any personal data breach likely to result in a risk to "the rights and freedoms of individuals."
Richard Forrest, Vice President, Global Strategy, Ellucian