General Data Protection Regulation (GDPR) Project Kick-Off · 2019-12-18 · (GDPR) Project...

General Data Protection Regulation (GDPR)

Project Kick-Off

Agenda

•  Welcome

•  What is GDPR

•  Plan of action

•  Your role

•  Next Steps

The GDPR Team

- Data Protection Officer/Compliance Whitney Glenz

- Human Resources Radhika Ayyar

- International Programs Evie Myers

- Information Technology Jim Fritz

- Information Security Henry Rose & David Maxwell

- Chief Information Officer Midhat Asghar

- Enrollment Services Michelle Hill

- Procurement & Disbursement Marie Johnson

- Alumni Relations Edie Charlot

- Marketing & Communications Maurice Perkins

Introduction to GDPR

GDPR Basics

•  GDPR says that if you collect personal data or behavior information from someone IN an EU country, you are subject to the requirements of the GDPR.

•  First, the law only applies if the data subjects are IN the EU when the data is collected. For EU citizens outside the EU when the data is collected, the GDPR would NOT apply.

•  GDPR will regulate data controllers and processors both in the EU and outside of the EU.

•  General Data Protection Regulation is a legally enforceable EU regulation passed to replace the Data Protection Directive.

•  GDPR enforcement will begin May 25, 2018.

GDPR – 10 Tips

Elements of the GDPR

•  Data flows from the EU must be understood and mapped

•  Data must be lawfully processed

•  Expanded duties for controllers and processors

•  Expanded rights for data subjects

Examples of Activities That Could Be Subject To GDPR

•  Research involving persons living in the EU

–  Data collected by PVAMU researchers directly

–  Data collected by entities located in the EU then transferred/sold to PVAMU researchers

•  Processing of data by PVAMU for controllers or processors located in the EU

•  PVAMU apps marketed to persons living in the EU

•  Internet browsing data/cookies of persons living in the EU

•  PVAMU admissions data regarding persons living in the EU

•  Data of persons living in the EU collected during the recruitment of PVAMU staff

•  Data of PVAMU professors teaching abroad

•  Data of PVAMU students (studying abroad)

•  Data of persons living in the EU collected during PVAMU fundraising efforts

•  PVAMU Phone records

•  PVAMU Medical records

•  Metadata & logs

–  Mail headers, door access logs, library records

PVAMU GDPR Project: Goal & Approach

Goal: PVAMU will review GDPR requirements, and develop a risk-based compliance strategy and corresponding compliance program.

Approach:

•  People: engage the right stakeholders, document GDPR roles & responsibilities

•  Policy: provide privacy statements and supporting templates & documentation

•  Process: assess and address processes in support of compliance

•  Technology: identify possible technical solutions enabling compliance

Your Role

•  Working Group Participation

–  Actively participate in all-stakeholder meetings and contribute to the progress of the project

–  Provide input to the design of ongoing GDPR program

–  Serve as an on-going GDPR liaison for your part of the organization

•  Process & document development and review

–  Identify data flows potentially regulated by GDPR

–  Actively participate in working sessions to document and analyze processes in your organization that may be impacted by GDPR

–  Utilize and take ownership of on-going processes and documentation developed by the project (data flow template, etc.)

The GDPR Team

- Data Protection Officer/Compliance Whitney Glenz

- Human Resources Radhika Ayyar

- International Programs Evie Myers

- Information Technology Jim Fritz

- Information Security Henry Rose

- Information Security David Maxwell

- Chief Information Officer Midhat Asghar

- Registrar Michelle Hill

- Travel Office Marie Johnson

•  Update Policies and Procedures to reflect consent and GDPR Notice of Rights

•  Provide updated policies and procedures to the campus community

•  Develop list of Summer Travel to EU for Faculty/Staff and Students

•  Schedule GDPR Project Meeting for Late Summer

•  Develop website for GDPR at PVAMU

Next Steps

Open Discussion