General Data Protection Regulation (GDPR)
Overview
The European Union General Data Protection Regulation (GDPR) is a data privacy law that applies to personal information collected in or from the European Union and European Economic Area. It replaces the Data Protection Directive 95/46/EC and was designed to bring conformity to data privacy laws across EU member states. In Europe, privacy is considered a fundamental right.
Territorial Scope of the GDPR
The GDPR applies to organizations located within the European Economic Area (EEA) and to organizations outside of the EEA if they offer goods or services to, or monitor the behavior of, EEA data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the EEA, regardless of the company’s location and whether the person is an EU citizen. The GDPR’s territorial scope is more expansive than prior EEA privacy regulations.
Personal Data
The GDPR considers personal data to be any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be who can be identified, directly or indirectly, in particular by reference to, among other things, an identifier such as a name, an identification number, location data, or an online identifier. Examples of personal data include, but are not limited to, name and surname, home address, a photograph, email address (such as [email protected]), identification card numbers, personal phone numbers, location data (for example, the location data function on a mobile phone), Internet Protocol (IP) addresses, cookie IDs, the advertising identifier of a phone, data held by a hospital or doctor that uniquely identifies a person (for example, a unique patient number), and the content of exam papers.
Tarleton State University respects your privacy and is committed to ensuring that any personal or confidential information that is collected is kept accurate and secure from unauthorized access. Personal information that you provide via email or through other online means will be used only for purposes necessary to serve your needs, such as responding to an inquiry or other request for information. For inquiries about GDPR at Tarleton, email [email protected].
Additional Resources
United Kingdome’s Information Commissioner’s Office Guide to the GDPR