GDPR and Educational Institutions – Where We’ve Been, and Where We Are Now
Date: Tuesday, October 29, 2019
Time: 1:00-2:00PM Eastern
Please join the U.S. Department of Commerce and Connecticut District Export Council.
The General Data Protection Regulation (or “GDPR” for short) is a holistic set of data privacy requirements that addresses the life cycle of collection, use and disclosure of the “personal data” of European Union (“EU”) residents. Effective May 25, 2018, the GDPR has had wide-ranging implications for educational institutions across the globe – including in the United States. Generally speaking, educational institutions may become subject to the GDPR in one of two ways: (i) by having an “establishment” in the EU (e.g. a satellite campus, research center or study abroad facility) and/or (ii) by processing the personal data of EU residents (e.g. EU-based employees, soliciting applications from EU residents or seeking donations from alumni in the EU). Once subject to GDPR, educational institutions must comply with a multitude of requirements addressing individual rights, vendors and subcontractors, data breaches, and privacy policies.
This webinar will provide an overview of the GDPR and its requirements and address lessons learned since the law came into effect. Specifically, we will cover:
• Determining if and how the GDPR applies to your school (and how to possibly avoid GDPR all together);
• Key compliance obligations of the GDPR;
• Establishing a GDPR compliance program; and
• Relevant developments and lessons learned since May 2018.