Besides for serving as the start to a beautiful Memorial Day weekend, Friday, May 25th of 2018 will always be remembered for its hosting of the GDPR’s long-anticipated debut. A consolidation of data privacy standards across EU member states, the General Data Protection Regulation (GDPR) standardizes compliance requirements and offers uniform protections for all EU residents.
If you’re part of the U.S. higher education space, you might be wondering how this impacts you. Although the answer may shock and surprise, deep down you’ll whisper to yourself “I saw this coming”. Read further as the Arrow team outlines the GDPR’s widespread implications for American colleges and universities, and shows how you can help your institution navigate the upcoming paradigm shifts in global standards for consent, data privacy, and security.
There’s a new sheriff in town
A replacement to the Data Protection Directive of 1995, the GDPR is especially significant because of its robust reach, enforceability, and level of clarity. As an overview, it offers all EU residents with greater ownership regarding their personal data, with some highlights including the right to “be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Some unique aspects that differ from US privacy laws (such as HIPAA and FERPA) include an emphasis on the consumer as opposed to industry-specific standards, and an “expanded definition of processing” which includes any collection, retention, deletion, breaches, and disclosures of personal data.
A wolf in sheep’s clothing
Think you’re getting out of this one? Think again. If your institution:
Has a campus in Europe, or conduct study abroad program in Europe…
Receives applications from European-based students or residents–
Supplies distance learning to students in any of the 28 EU member countries…
Holds information on alumni, professors, or donors within Europe–
You are responsible for complying with all requirements. Even more importantly, non-compliance can translate to fines up to $23M, or even worse, 4% of global revenue.
The beloved tutor in your least favorite class
If you’ve just now identified that your institution is at risk, we’re guessing you’re not alone. Good news is, we’re here to help. As innovators and advocates of better data and payment processing solutions, we’ve been waiting to work alongside someone like you.
Learn how we can consult with your university team to “sort the good from the bad” and implement P2PE processing, PCI scope elimination, advanced reconciliation, and analytics of donation & fundraising efforts here: