Division of Information Technology

GDPR Statement

European Union General Data Protection Regulation (GDPR)

The GDPR went into effect May 25, 2018. The GDPR was written to expand personal privacy rights for European Union (EU) residents. The rule:

  • Applies to all organizations that possess personal data provided by people while they are residing, permanently or temporarily, in the EU.
  • Defines data broadly: any data that can be used to identify an individual such as genetic, mental, cultural, economic, technological or social information.
  • Requires valid consent to collect personal data: consent must be informed, unambiguous, freely given.
  • Allows individuals the right to be forgotten.

Saint Peter’s University GDPR Program

SPU has assigned the development of a GDPR compliance program to the Data Standards Committee. The group has been tasked with:

  • Creating a plan to meet GDPR requirements
  • Creating governance around GDPR data management
  • Begin implementation of a GDPR program using pilot offices with highest exposure to EU residents