Steps You Should Take for GDPR Compliance

Social Media Links
Overview of steps for GDPR
See the steps below for full text and a full-resolution handout of the GDPR Compliance Steps.

Do you collect, store or transmit any personal data in your role with Webster? Faculty, staff and students at all Webster University campuses should be aware of how GDPR affects business processes and the handling of personal data.

The General Data Protection Regulations (GDPR) will go in effect on May 25, 2018. The regulation is the most far-reaching change to data protection in a generation. Review these steps to compliance provided by the GDPR project team. 

You may find useful this one-page handout [PDF] containing all of the steps listed below. Discuss them with your colleagues and supervisors. Make sure you are prepared for the compliance deadline of May 25.

Still unfamiliar with GDPR? See this Q&A for an overview.

For further information and continuing updates, visit .

GDPR Compliance Steps

1. Information you hold

Document what personal data you hold, where it came from and who you share it with. GDPR applies to anyone involved in processing data for citizens or residents in the EU, regardless of whether the employee/student is located in the EU.

2. Communicating privacy information

Update current student/employee privacy notice and complete updates in time for May 25, 2018 GDPR Implementation.

3. Individuals’ rights

Check procedures to ensure they cover all the rights EU residents and citizens have under GDPR. These include how you edit, electronically transport, securely store, correct, retain and delete their personal data; and in a commonly used format.

4. Subject access requests

Update procedures and protocols for handling requests.

5. Lawful basis for processing personal data

Identify the lawful basis for your processing activity in the GDPR, document it, and update the privacy notice to explain it.

6. Consent

Request consent at initial recruitment and enrollment process for citizens and residents to meet the GDPR standard.

7. Children

Put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity (e.g. Community Music School, SPICE activities, summer camps, etc.)

8. Data breaches

Ensure the appropriate procedures are in place to detect, report, and investigate a personal data breach.

9. Questions?

Email your questions to

Social Media Links

Related News