UW Privacy Office

EU GDPR

The European Union’s General Data Protection Regulation (EU GDPR) broadly applies to data about persons who reside in the European Union. GDPR limits when and how organizations worldwide can collect, store, process, and use personal data.  It also provides individuals with certain rights related to their personal data, including notice or consent, rights of access, and in some cases, requests for deletion.

Applicability:

Any and all areas of the UW that collect or process (for example: analyzing, storing, and deleting) personal data about persons who reside in the EU. This includes, but is not limited to, students, distant learners, athletes, employees, patients, research subjects, alumni, donors, etc.

Personal data is defined as any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to:

  • Any identifier, such as name, ID, location data, online identifier; or
  • Factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. 

Effective Date:

May 25, 2018

Fines:

Up to 4% of global annual turnover (revenue) or 20 million euro

Initial Efforts:

Members of the UW have developed a risk management approach to help units address EU GDPR requirements by initially developing high priority foundational elements of compliance described in the UW Standard for European Union General Data Protection Regulation, and briefly below:

Collaborative Committee and Work Groups:

UW Privacy Office provided strategic support with project management from Academic and Student Affairs. The overarching committee and workgroups included members from Advancement, Attorney General’s Office, Compliance and Risk Services, Enrollment Management, Financial Management, Global Affairs, Global Health, Office of Research, UW Continuum College, UW Medicine Compliance, and UW Medicine IT Services.

Resources:

Outcomes from the work groups will be published on privacy.uw.edu with communication and initial information sessions for campus.

Timeline:

October 2017 – May 2018 

Ongoing efforts after May 2018:

The UW Privacy Office will lead ongoing efforts to further interpret the areas of the EU GDPR that were not included in the initial effort.