Faculty, staff, students, prospective students and alumni should be aware of how the GDPR affects them and how Saint Mary’s will handle their “personal data” that is subject to the GDPR.
What is the GDPR?
The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals in the European Union (the “EU”), including, but not limited to, EU citizens and EU residents.
The GDPR is effective on May 25, 2018.
Why does the GDPR affect staff, faculty, students, prospective students, and alumni?
When certain personal data is collected from an individual in the EU, the GDPR puts that individual in charge of his or her personal data, and allows the individual to exert greater control over the use, transfer, storage, and retention of that personal data. It has been reported that the GDPR will fundamentally affect any organization that collects, stores, processes or otherwise handles an individual’s personal data. The GDPR provides us with an opportunity to (i) further strengthen the way we protect the personal data we collect and “process” (as that term is defined under the GDPR), and (ii) make privacy a central element of what we do.
What is Saint Mary’s responsibility under the GDPR?
The GDPR places new restrictions and responsibilities on Saint Mary’s (where applicable) including the responsibilities to:
1. build privacy into systems “by design and default”;
2. conduct regular data privacy impact assessments;
3. implement certain consent mechanisms (particularly when processing sensitive personal data and/or personal data concerning minors);
4. follow specific procedures for reporting any data breaches; and
5. document the use of personal data in more detail.
What happens if Saint Mary’s fails to comply with the GDPR?
Failing to comply can result in the imposition of monetary penalties.
As with most new laws, it is expected that the applicable regulators in the EU will issue additional guidance in the coming months. We encourage you to visit this website in the future for further information and continuing updates with respect to our GDPR compliance efforts.
If you have any questions regarding the GDPR, please email us at: email@example.com