Appalachian State University EU GDPR

Appalachian State University European Union’s General Data Protection Regulation (“EU GDPR”)

• What is the EU GDPR and when did it take effect?

The European Union General Data Protection Regulation (“EU GDPR”) is a general privacy law that applies to personally identifiable information: (1) collected in the European Union (EU); (2) from individuals in EU countries that is related to either goods or services offered in the EU; or (3) that involves the monitoring of individuals in the EU. This regulation applies both inside and outside the EU and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.

The regulation went into effect May 25, 2018.

• What areas of Appalachian State University may be impacted by the EU GDPR?

Any department or unit of the University that collects, processes, discloses, or stores personally identifiable information related to any individual who is located in the EU may be impacted by this regulation. Specific areas of impact will be the Office of International Education and Development (OIED), Office of Admissions, Distance Education, the Office of Research, and Human Resources.

• What information is subject to the EU GDPR?

The EU GDPR applies to the collection, use or storage of personally identifiable information or data, which is defined as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to a particular identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Examples of personally identifiable information or data include, but are not limited to, the following: name, photograph, email address, identification number (i.e. Banner ID #), social security number, App State Account (User ID), physical address or other location data, IP address or another online identifier.

• What rights does the EU GDPR provide to individuals?

Generally, the EU GDPR provides identifiable natural persons with:
a. the right to request access to or transfer of an individual’s personally identifiable information;
b. the right to request information about the methods used to collect, store or process an individual’s personally identifiable information;
c. the right to request information about any third parties that receive an individual’s personally identifiable information;.
d. the right to request restrictions on the use or disclosure of an individual’s personally identifiable information if the individual believes any data is processed unlawfully;
e. the right to request corrections to any personally identifiable information that appears incomplete or inaccurate;
f. the right to object to the collection, retention, and use of any personally identifiable information if there are legitimate grounds for such objection;
g. the right to full and transparent information and communication about personal data practices, including the right to be notified about unauthorized access;
h. the right to file a complaint with the appropriate authorities in the United States or European Union; and
i. the right to withdraw consent at any time for the collection, storage or processing of personally identifiable information.

• Where can I find Appalachian State University’s Data Security Standards and Requirements for EU GDPR Data?

All personally identifiable data collected or processed by any Appalachian State University unit must comply with the security controls and process requirements designated under the University’s Information Security Policy and Associated Standards.

• Where can I find additional information regarding the EU GDPR?

Additional information regarding the EU GDPR, including the text of the regulation, can be found at https://eugdpr.org.

• Where can I find Appalachian State University’s EU GDPR Privacy Notice?

You can review the University’s EU GDPR privacy notice at: https://its.appstate.edu/data-governance/appalachian-state-university-gdpr-privacy-notice

• Which office at Appalachian State University should I contact for more information or if I have questions regarding how my personal data is collected, stored or processed?

Please contact the Appalachian State University, Office of Information Security at 828-262-6946 or via email at security@appstate.edu.