GDPR Statement

  • Gannon University Statement on GDPR

    Effective May 25, 2018, the European Union's General Data Protection Regulation ("GDPR") imposes data privacy and data protection requirements on entities that control or process personal data of citizens in the 28 member countries of the European Union ("EU"). GDPR's requirements apply to entities located outside of the EU who control or process the personal data of anyone who is in the EU, regardless of EU citizenship.

    General Requirements 

    The GDPR is primarily focused on data privacy for EU data subjects. It also requires appropriate and reasonable data security measures.

    GDPR is focused on the personal data of EU data subjects. Personal data is any information about an identified or identifiable EU data subject and includes name, address, online identifiers (including IP addresses), location data (e.g. GPS coordinates), email address, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health, sex life, and sexual orientation. For more details, please refer to GDPR website at

    The GDPR gives EU data subjects significant new rights over how their personal data is collected, processed, and transferred. Under GDPR, EU data subjects have the right to, among other things:

    • Access any data that an organization has collected about them;
    • Know why an organization is processing their personal data and the categories of personal data that an organization processes;
    • Correct any errors in personal data collected or processed by an organization;
    • Know how long an organization will store their personal data; and
    • Under certain circumstances, require the organization to permanently delete the individual's personal data, also known as the "right to be forgotten."

    Our Plans for GDPR

    • We formed an internal GDPR Team to better understand the GDPR and implement policies and procedures to work towards GDPR compliance.
    • We are working to identify the EU data subjects in our current systems.
    • We are working to identify the entry points of EU data subjects into our systems and minimize the collection and processing of such data whenever possible.
    • We created a Privacy Policy that explains our privacy protection and incorporates GDPR. This can be reached at
    • We are working to educate our constituents about GDPR.
    • We will begin conducting assessments across departments to understand the data that is collected, used, and shared.
    • We are in the process of identifying our lawful basis for processing personal data, documenting it, and updating our privacy notices to explain it to individuals.
    • We are working with our vendors and other third parties to help understand and work towards GDPR compliance.
    • We are working to create an OPT-IN process for the main sources of our data collection and usage.
    • We are monitoring how this broadly scoped legislation is clarified over time so that we can refine and improve our compliance.

    Questions or concerns about our website privacy protection policy or GDPR can be e-mailed to