Gannon University Statement on GDPR
Effective May 25, 2018, the European Union's General Data
Protection Regulation ("GDPR") imposes data privacy and data
protection requirements on entities that control or process
personal data about of citizens in the 28 member countries of the
European Union ("EU"). GDPR's requirements apply to entities
located outside of the EU who control or process the personal data
of anyone who is in the EU, regardless of EU citizenship.
General Requirements
The GDPR is primarily focused on data privacy for EU data
subjects. It also requires appropriate and reasonable data
security measures.
GDPR is focused on the personal data of EU data subjects.
Personal data is any information about an identified or
identifiable EU data subject and includes name, address, online
identifiers (including IP addresses), location data (e.g. GPS
coordinates), email address, data revealing racial or ethnic
origin, political opinions, religious or philosophical beliefs,
trade-union membership, genetic data, biometric data, data
concerning health, sex life, and sexual orientation. For more
details, please refer to GDPR website at https://gdpr.eu/.
The GDPR gives EU data subjects significant new rights over how
their personal data is collected, processed, and transferred. Under
GDPR, EU data subjects have the right to, among other things:
- Access any data that an organization has collected about
them;
- Know why an organization is processing their personal data and
the categories of personal data that an organization
processes;
- Correct any errors in personal data collected or processed by
an organization;
- Know how long an organization will store their personal data;
and
- Under certain circumstances, require the organization to
permanently delete the individual's personal data, aka the "right
to be forgotten"
Our Plans for GDPR
- We formed an internal GDPR Team to better understand the GDPR
and implement policies and procedures to work towards GDPR
compliance.
- We are working to identify the EU data subjects in our current
systems.
- We are working to identify the entry points of EU data subjects
into our systems and minimize the collection and processing of such
data whenever possible.
- We created a Privacy Policy that explains our privacy
protection and incorporates GDPR. This can be reached at www.gannon.edu/privacy
- We are working to educate our constituents about GDPR.
- We will begin conducting assessments across departments to
understand the data that is collected, used, and shared.
- We are in the process of identifying our lawful basis for
processing personal data, documenting it, and updating our privacy
notices to explain it to individuals.
- We are working with our vendors and other third parties to help
understand and work towards GDPR compliance.
- We are working to create an OPT-IN process for the main sources
of our data collection and usage.
- We are monitoring how this broadly scoped legislation is
clarified over time so that we can refine and improve our
compliance.
Questions or concerns about our website privacy protection
policy or GDPR can be e-mailed to compliance@gannon.edu.