UI Operations Manual

Please review the UI Operations Manual and other resources below.

UI Operations Manual

European Union General Data Protection Regulation (EU GDPR)


The GDPR introduces enhanced compliance, governance, and accountability on organizations involved in the processing of “personal data” about individuals in the EU.  The GDPR defines “personal data” very broadly such that the term includes names, addresses, phone numbers, national IDs, IP addresses, profile pictures, personal healthcare data, educational data, and any other data that can be used to identify an individual.


This new regulation became effective May 25, 2018, and its expanded scope comes in tandem with the potential for significantly increased penalties for non-compliance, such as the higher of 4% of an organization’s global turnover or €20,000,000.


Also, the GDPR is not limited to companies or universities operating in the EU alone.  In fact, it’s expressly drafted to apply in an extraterritorial context where certain conditions are met.  

 

More Resources

EU Data Protection (European Commission, general information)

https://ec.europa.eu/info/law/law-topic/data-protection_en

AACRAO GDPR (American Assoc. of Collegiate Registers and Admissions Officers)

https://www.aacrao.org/advocacy/compliance/gdpr

Educause/GDPR (a higher education technology association)

https://library.educause.edu/topics/policy-and-law/eu-general-data-protection-regulation-gdpr