ESU's Julia statue with students walking past

GDPR Frequently Asked Questions

Home
About ESU
General Data Protection Regulation
Current:GDPR Frequently Asked Questions

The General Data Protection Regulation (GDPR) is the current EU law on information privacy and data protection.

Who at the university needs to worry about GDPR compliance?: Everyone who engages in, or provides support services to anyone who engages in, any activity related to “controlling” or “processing” personal data of GDPR-covered individuals must be involved in GDPR compliance efforts. These efforts include evaluating data and its use on campus and designing/implementing compliance policies, procedures, and best practices. Some examples of such departments include, but certainly are not limited to:

Enrollment, admissions, and/or marketing departments may be involved in collecting and otherwise using personal data in soliciting or accepting expressions of interest and/or application materials from prospective students located in the EU.

Similarly, human resources departments are likely doing the same with personal data of prospective employees located in the EU.

Alumni organizations are likely collecting or otherwise using personal data of graduates who reside in, or have relocated to, the EU.

Academic departments are likely collecting or otherwise using personal data of its members who may be permanently or temporarily located in the EU (ex: study abroad or international program faculty), or other academic colleagues located in the EU (ex: research associates, etc.)

Distance learning departments are likely collecting or otherwise using personal data of online students located in the EU and/or faculty located in the EU who are teaching online courses.

Finance departments are likely collecting or otherwise using personal data of individuals located in the EU for billing, collection, or procurement/contracting purposes.

Information technology departments will have responsibility for security and data breach policies, procedures, and best practices, and for assisting other university departments with planning and implementing changes to their relevant data management systems for GDPR compliance purposes.
When does the GDPR take effect?
Whose data does the GDPR protect?: The GDPR covers personal information of all natural persons—that is, people, but not legal entities like corporations or nonprofits—physically within the EU ("EU data subjects"). The GDPR makes no distinctions based on individuals' permanent places of residence or nationality. The GDPR applies to all such individuals' personal data.
What constitutes personal data?: “Personal data” means any information relating to an identified, or identifiable, individual covered by the GDPR. Some examples of “personal data” include name, image, identification number, location data, birth date, race/ethnicity, academic information, etc., as well as online identifiers such as IP addresses or “cookies” that can identify an individual through a device, etc.
Do the rules only apply to EU citizens or residents?
What countries are part of the European Union?: Members of the European Union include:

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czech Republic

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Iceland²

Ireland

Italy

Latvia

Lichtenstein2

Lithuania

Luxembourg

Malta

Netherlands

Norway²

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

United Kingdom¹

[1 ] Although the United Kingdom is exiting the European Union, it is still going to participate with the GDPR.

[2 ] Although these three countries are not part of the European Union, they have opted in to be covered under the Global Data Protection Regulation (GDPR).

Disclaimer: East Stroudsburg University is not a law firm and does not provide legal services or advice. This language is for informational purposes only and is subject to regular changes.

Please call the Office of Marketing and Communications at (570) 422-3532 with general questions about ESU. For Sports Information, please call (570) 422-3312.

Contact Information

Campus Address: Computing Center
Fax:: (570) 422-3400 (Fax)

Title of Department Leader: Chief Information and Technology Officer
Name: Robert Smith
E:: rsmith91@esu.edu
Phone:: (570) 422-3114

GDPR Frequently Asked Questions

Contact Us

Contact Information