Are You Compliant?
WHY IT MATTERS
The General Data Protection Regulation (GDPR) affects how websites handle the personal data of users. The GDPR came into effect in 2018 to protect the EU citizens’ privacy; however, it inevitably affects American websites, like yours, that gather data from European visitors.
It’s important to stay informed and protect yourself, and your users, from potential legal issues. If you’re concerned about how GDPR affects your company or institution from either a business perspective or development perspective, we’re here to help.
By the numbers
are reconsidering their European business strategy
come from the EU
the maximum amount of time to notify users of a breach
THINK TO THE FUTURE
What this means for higher education
International students are a dynamic part of many colleges and universities, so your institution is likely collecting data from individuals protected by the GDPR.
FERPA, the Family Educational Rights and Privacy Act, is a U.S. federal law designed to protect the privacy of students and their education records. It should be noted that it does not ensure GDPR compliance.
There are two ways to maintain FERPA compliance. One, notify students in writing annually of their rights under FERPA. Two, grant access to students and/or parents (if applicable) to education records. The main difference between FERPA and GDPR is the “right to be forgotten” clause. All information collected on students must be destroyed after their departure from the university to remain in compliance with the GDPR.
PREPARING FOR GDPR
Knowledge is power
You need to ensure your hosting environment, data transmissions, and data capture tools comply with GDPR. Users must be able to opt-in to tracking via cookies or sessions, and have access to their data.
If you need help with updating your privacy policies, documenting how you plan to track activity, or monitoring third-party services for GDPR compliance, we’re here to help.