General Data Protection Regulation (GDPR) (Eu)


The European Union’s General Data Protection Regulation (GDPR) enforcement takes effect on May 25, 2018 and many questions have arisen in anticipation of this date. This broad new law attempts to enforce data protections for all EU citizens, whether they are home or abroad. It also grants the same rights to those from outside the EU who happen to be living, working, or studying in a EU member nation. Non-compliance may lead to very stiff fines, but it remains to be seen how entities outside of the EU will be affected, if at all.

GDPR at Gustavus

At Gustavus, we’re continually taking action that brings us closer to compliance, however, we are doing so because it is either a recognized best practice, or it brings us into alignment with myriad regulations that more directly impact us. FERPA, HIPAA, PCI, and others regulate how we collect, store, and handle data. Additionally, states continue to augment student data privacy protections. In the past five years alone, more than 35 states have enacted laws that are relevant to how institutions of higher education use student data.

Our goal is to continue to make steady progress that focuses on the long-term effort to improve our security and data privacy processes and policies. We hope to begin a comprehensive data inventory that will better inform us of our current data practices. We will also continue to scrutinize our vendors’ usage to ensure that any data they receive is treated appropriately.

Much remains to be seen as to how the GDPR is interpreted and enforced in the EU and beyond, but the demands it makes will assuredly impact how institutions ultimately view user data. We will monitor the situation in order to help with any necessary changes, and we will continue to make progress to enhance data privacy and security practices at Gustavus.

How Can I Help?

In the meantime, there are a number of things you can do to help:

  • Perform a scan using Spirion to expose any Personally Identifiable Information (PII) that may reside in your email or on your machine.
  • Sign up for Duo Two Factor Authentication to protect your account and everything your account allows you to access.
  • Know that GTS will never ask for your password. If you receive a strange email that asks you to enter your credentials, it is a phishing scam, and you should delete it.
  • Ensure files are stored and shared using a method that is compliant. Please see: Filesharing Information
  • Review computing habits best practices Best Practices
  • Add DUO two-factor authentication support to your email account by migrating to GusMail. To Migrate: GusMail Migration