Steps You Should Take for GDPR Compliance
February 23, 2018
Do you collect, store or transmit any personal data in your role with Webster? Faculty, staff and students at all Webster University campuses should be aware of how GDPR affects business processes and the handling of personal data.
The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. The regulation is the most far-reaching change to data protection in a generation. Review these steps to compliance provided by the GDPR project team.
You may find this one-page handout [PDF] useful; it contains all of the steps listed below. Discuss them with your colleagues and supervisors. Make sure you are prepared for the compliance deadline of May 25.
Still unfamiliar with GDPR? See this Q&A for an overview.
For further information and continuing updates, visit www.webster.edu/gdpr.
GDPR Compliance Steps
1. Information you hold
Document what personal data you hold, where it came from and who you share it with. GDPR applies to anyone involved in processing data for citizens or residents in the EU, regardless of whether the employee/student is located in the EU.
2. Communicating privacy information
Update the current student/employee privacy notice, and complete the updates in time for GDPR implementation on May 25, 2018.
3. Individuals’ rights
Check procedures to ensure they cover all the rights EU residents and citizens have under GDPR. These include how you edit, electronically transport, securely store, correct, retain and delete their personal data, and how you provide it in a commonly used format.
4. Subject access requests
Update procedures and protocols for handling requests.
5. Lawful basis for processing personal data
Identify the lawful basis for your processing activity in the GDPR, document it, and update the privacy notice to explain it.
Request consent during the initial recruitment and enrollment process for citizens and residents to meet the GDPR standard.
Put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity (e.g., Community Music School, SPICE activities, summer camps).
8. Data breaches
Ensure the appropriate procedures are in place to detect, report, and investigate a personal data breach.
Email your questions to GDPR@webster.edu.