Preparing for EU's General Data Protection Regulation
July 17, 2017
Webster University is in the process of reviewing and updating business processes to comply with the European Union’s General Data Protection Regulation (GDPR).
The law, which is a sweeping new regulation addressing the handling of personal data and documentation of such processes, applies to all organizations operating within the EU. It outlines several rights of the individual for explicit consent on how personal data can be used, processed, transmitted, as well as how any such data must be protected.
Institutions are required to be in compliance by May 25, 2018, though Webster’s targeted implementation date is March 1, 2018. Failure to comply subjects institutions to fines as high as 20 million Euros or four percent of revenue – whichever is higher.
Though work is already underway, reaching compliance will be a major project involving all units throughout Webster’s worldwide network. (i.e. This will affect not only the European campuses, but all campus locations in the network.) The handling of personal data at every step of the student life cycle – from prospective student inquiry to alumni communications – will be affected.
Project teams are being formed to help assess, update and inform new decisions about Webster’s processing of personal data in order to comply with GDPR. Those who are not involved on project teams will nonetheless need to be aware of this on-going process and its impact.
For a helpful overview of all that the GDPR entails, see this guide maintained by the U.K.’s Information Commissioner’s Office, which calls GDPR “the biggest change to data protection law for a generation.”
Expect more information and frequent updates on this process at Webster throughout the year.