Overview
The regulation came into force on 24 May 2016 and became enforceable on 25 May 2018.
Reaching compliance continues to be a major institutional project involving all units throughout the Webster system. Fines for failing to comply with the GDPR provisions can be up to 20,000,000 euros or 4% of an institution's annual revenue (whichever is higher).
Webster's Director of Global Technology, Risk, Compliance, and Privacy is based out of Vienna. Webster's Global GRC and Privacy Operations Manager is based out of Athens. Webster has designated on-site Privacy Managers at most of its international campuses and at all European sites.
Information About GDPR and Understanding GDPR
- The Q&A below provides further overview and answers to some common questions about GDPR.
- The newsroom on GDPR topics.
- For deeper detail, you may also review the EU legislation (PDF).
- EU residents/citizens wishing to exercise their rights to Personal Data Access, Rectification and Erasure should go to Personal Data Access.
FAQs
GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability.
For further details on this topic, see .
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, by reference to a particular identifier, such as:
- A name
- An identification number
- Location data
- Online identifier
- One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
For further details on this topic, see .
GDPR applies to all EU subjects, regardless of where they are studying. In practice, the processes Webster is putting in place to comply with GDPR apply to all campuses and all Webster constituents (e.g. prospective students, active students, employees, alumni), regardless of their country of citizenship.
In summary, all Webster campuses and operations must comply.
For further details on this topic, see .
:
- Consent
- Contract
- Legal obligation
- Vital interest
- Public task
- Legitimate interests
:
- Consent must be freely given, specific, informed and unambiguous.
- Consent requires some form of clear affirmative action ("Opt-out" or silence does not constitute consent).
- Consent must be demonstrable. A record must be kept of how and when consent was given.
- Individuals have the right to withdraw consent at any time.
For further details on this topic, see .
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
For further details on this topic, see .