The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all EU citizens and EU residents.
The General Data Protection Regulations (GDPR) went into effect on May 25, 2018. The regulation is the most far-reaching change to data protection in a generation.
Why does the GDPR affect all staff, faculty and students at Loyola Marymount University?
The regulation puts individuals in charge of their personal information and allows individuals greater control over the transfer of data as well as who and where personal data is stored. It will fundamentally affect any organization that stores, processes or handles the personal data of all EU citizens and EU residents – irrespective of that organization's size or where in the world it is based.
What is the responsibility of Loyola Marymount University?
GDPR places significant new restrictions and responsibilities on Loyola Marymount University, including the responsibilities to:
- Build privacy into systems by design (and switched on by default)
- Conduct regular privacy impact assessments
- Implement stronger consent mechanisms (particularly when processing data pertaining to minors)
- Follow stricter procedures for reporting data breaches
- Document any use of personal data in far more detail than previously
How is Loyola Marymount University preparing for GDPR?
Loyola Marymount University has convened a GDPR Executive Steering Group to oversee campus-wide adherence to GDPR. The steering group consists of members of the Provost Office, Legal Counsel, Information Technology Services, Enrollment Management, Human Resources, University Relations, and Marketing & Communications. This group will oversee the various identified activities that are currently underway such as:
- Identifying a Data Protection Officer
- Documenting the various collection processes of personal data
- Ensuring consent of collection of personal data is adhered to
- Develop business process for responding to EU residents exercising their rights under the GDPR