The Catholic University of America


Miscellaneous Laws

European Union General Data Protection Regulation (GDPR)

Text of the Regulation, approved on April 6, 2016

The GDPR replaces the Data Privacy Directive 95/46/EC and is designed to harmonize data privacy laws across Europe and to protect the data privacy of all E.U. citizens. It affects U.S. institutions that process the personal information of E.U. citizens, which would include many IHEs, whether they bring in employees or students from the E.U. or send students abroad to an E.U. country. Compliance is expected by May 25, 2018. For the purpose of this law, Britain would be covered until it has fully exited the E.U.

Fines for non-compliance could reach up to 20 million euros.

Seven Areas of Requirements: Consent, Breach Notification, Right to Access, Right to be Forgotten, Data Portability, Privacy by Design, Data Protection Officers.



WCET: EU Regulations that are Enforceable Against U.S. Higher Education Institutions (November 2017)

E.U. Data Protection Law Looms, Inside Higher Ed article (Nov. 6, 2017)

EDUCAUSE Presentation by William Hoye and Gian Franco Borio on the new regulations, Nov. 2, 2017 (includes slides on What IT Specialists Need to Know)

The General Data Protection Regulation Explained: Key Takeaways By Barmak Nassirian

Does GDPR Apply to American Companies?

Thomson Reuters, Getting up to Speed on GDPR (has webinar)

AACRAO Trending Topics on GDPR

Hogan Lovells, Future-proofing privacy, May 1, 2016 (42-page how-to booklet)

Gian Franco Borio: Preparing for the EU Data Protection Regulations, NACUA, Nov. 2017

Resources on the European Union General Data Protection Regulation (NACUA, password protected)

new page 12-4-17 mlo, updated 1-11-2018