On May 25, the European Union (EU) General Data Protection Regulation (GDPR)—which introduces enhanced compliance, governance and accountability on organizations involved in the processing of personal data—went into effect.
The GDPR is not limited to universities or companies operating in the EU alone, but was written to apply internationally when relevant as well, including here at UF.
Many common campus activities may be affected by the new law, such as hosting a website that offers classes to students in Germany, allowing medical students in Spain to complete a clinical rotation at UF or running a clinical trial in Italy.
To the extent that your unit collects, uses or retains personal data from people in the 28 countries that are part of the EU (e.g., prospective students, students, scholars, research subjects, others), the requirements of this regulation may affect you. Non-compliance with the law can result in monetary penalties.
UF has created a GDPR Workgroup to review the regulation and work with campus units to determine what EU personal data the university may have or process.
What you can do
UF faculty and staff’s help is needed in this endeavor. To help assess whether the GDPR applies to your unit, please take this brief online survey: https://is.gd/UFGDPRSurvey
Email Privacy-GDPR-L@lists.ufl.edu with any questions and be sure to watch for more information. You can also check out these additional resources:
- GDPR at UF
- EU Data Protection (European Commission)
- AACRAO GDPR (American Association of Collegiate Registrars and Admissions Officers)
- Educause/GDPR (a higher-education technology association)