European Union General Data Protection Regulation (GDPR)

Date Created: 5/25/2018 9:08:39 AM

The General Data Protection Regulation (GDPR) is a new data protection privacy standard for individuals in the European Union (EU) that formally takes effect May 25, 2018. It was written to expand personal privacy rights for individuals in the EU, and it affects organizations worldwide, including universities.


  • Applies to all institutions that control or process personal data provided by individuals while they are residing in the EU, whether permanently or temporarily.
  • Applies to EU residents and non-EU citizens who are located in the EU.
  • Mandates a baseline set of standards for how institutions can handle certain, covered, personal data of individuals located in the EU.
  • Requires a legal basis and/or valid consent to collect personal data.

The GDPR may have implications for your business unit if you collect, store, or process personal data from individuals located, permanently or temporarily, in the EU. Personal data, as defined broadly under the GDPR, is any data that can be used to identify an individual such as genetic, economic, technological, name, address, phone, national ID, educational data, and more.


The NAU GDPR Program

Northern Arizona University is committed to safeguarding and protecting the privacy of personal data and has formed a working group that is developing a GDPR compliance program.

The group includes the Chief Data Officer, the Office of General Council, members from Information Technology Services and Information Security Services, and will continue to add representatives from across the university.

The group has created a plan to meet GDPR requirements and a data inventory survey for business units that store or process data likely to be affected by the GDPR.

 More information about GDPR can be found on the European Commission website.