What is GDPR?
GDPR is a new regulation promulgated by the European Union which provides for more rigorous protection and regulation of personal data. GDPR applies not only to data located in the European Union, but also to data concerning individuals located in the European Union that is controlled or processed by entities outside the European Union. Importantly, GDPR applies to data concerning individuals located in the European Union whether or not they are a citizen or a permanent resident of a country in the European Union.
The full text of GDPR can be reviewed here.
When did the GDPR take effect?
GDPR took effect on May 25, 2018.
What information is subject to GDPR?
GDPR applies to the control or processing of Personal Data. Personal Data is defined as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Examples of identifiers include, but are not limited to: name, physical address, email address, financial information, date of birth, photo, phone number, identification number, IP address, biometric data, race, ethnicity, religion, sexual orientation and gender identity.
Does Stevens protect information that is subject to GDPR?
Yes. Stevens has a robust information security program that is based on industry-recognized information security best practices such as ISO27001:2103, NIST SP 800-53, NIST 800-171, and Center for Internet Security top 20 Controls.
If I have questions about GDPR and Stevens, who should I talk to?
Individuals with questions regarding GDPR and Stevens should write to [email protected]
Will these frequently asked questions concerning GDPR continue to be updated?
These frequently asked questions will be updated from time to time. Please check back for further updates.