General Data Protection Regulation
The European Union General Data Protection Regulation (“EU GDPR”) is a new and more stringent regulation governing the use of personal data. It imposes new obligations on entities that control or process personal data about people who are located in the European Union. This regulation applies both inside the European Union (“EU”) and outside of the EU, and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
Policy
Forms
Frequently Asked Questions
What is the EU GDPR and when does it take effect?
The European Union General Data Protection Regulation (“EU GDPR”) is a new and more stringent regulation governing the use of personal data. It imposes new obligations on entities that control or process personal data about people who are located in the European Union. This regulation applies both inside the European Union (“EU”) and outside of the EU, and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
The regulation took effect on May 25, 2018.
What information is subject to the EU GDPR?
The EU GDPR applies to the control or processing of ‘personal data,’ which is defined as:
Any information relating to an identified or identifiable natural person ( the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of identifiers include but are not limited to: name, photo, email address, identification number such as GCSU ID#, GCSU Account (User ID), physical address or other location data; IP address or other online identifier.
What are the Georgia College & State University security standards and requirements for EU GDPR Data?
All personal data and sensitive personal data collected or processed by any Georgia College department under the scope of the EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171.
Does Georgia College have a policy concerning EU GDPR data?
Yes, the policy may be found in the Georgia College Policies, Procedures and Practices Manual under The EU General Data Protection Regulation Compliance Policy
Does the EU GDPR apply to Georgia College’s Cooperative Organizations?
Yes. If the Cooperative Organizations collect and process personal data of persons located in the EU, the EU GDPR applies to those collection and processing activities. The Cooperative Organizations should follow their compliance policies with regard to this data.
For more information on Georgia College's Cooperative Organizations, visit the Office of Legal Affairs.
If I have questions about my personal data that is subject to the EU GDPR, with whom should I speak?
Individuals with questions about their personal data collected and processed by Georgia College that is subject to the EU GDPR should contact the Office of Legal Affairs at legal@gcsu.edu.