The European Union (EU) General Data Protection Regulation
The European Union (EU) General Data Protection Regulation (GDPR) is a new data privacy regulation that went into effect May 25, 2018. If users enter data into ASU’s systems while residing in the EU they would be covered by this regulation. This regulation is designed to provide rights to individuals within the EU regarding data privacy and reshape the way organizations across the region approach data privacy.
ASU has developed a risk-based GDPR compliance program to assist in analyzing and complying with the requirements of GDPR. The Provost Office, the Information Security Office and the Office of General Counsel have convened a working group with representatives from across the university. This team has updated enterprise requirements such as the ASU Privacy Statement, provided a Supplemental ASU Privacy Provisions for Persons in the European Union and added required GDPR Contractual Requirement to our Terms and Conditions. Please use these documents.
Each unit is responsible for ensuring their internal processes are compliant where applicable.
It could take some time to develop a more precise understanding of how GDPR will be further defined, interpreted, and enforced. ASU will be paying close attention to the evolution of the law's compliance requirements over the coming years and will respond and adjust compliance efforts as needed.
Read more information by visiting Get Protected.