General'Data'Protection'Regulation'
(GDPR)'
'Project'Kick-Off'
Agenda'
Welcome'
What'is'GDPR''
Plan'of'action'
Your'role'
Next'Steps'
The'GDPR'Team'
-Data'Protection'Officer/Compliance'
Whitney'Glenz'
'
-Human'Resources'
Radhika'Ayyar'
'
-International'Programs'
Evie'Myers'
'
-Information'Technology'
Jim'Fritz'
'
-Information'Security'
Henry'Rose'&'David'Maxwell'
'
-Chief'Information'Officer'
Midhat'Asghar'
'
-Enrollment'Services'
Michelle'Hill'
'
-Procurement'&'Disbursement''
Marie'Johnson'
'
-Alumni'Relations'
Edie'Charlot'
'
-Marketing'&'Communications'
Maurice'Perkins''
Introduction'to'GDPR'
GDPR'Basics'
GDPR'says'that'if'you'collect'personal'data'or'behavior'information'from'
someone'IN'an'EU'country,'you'are'subject'to'the'requirements'of'the'
GDPR.''
First,'the'law'only'applies'if'the'data'subjects'are'IN'the'EU'when'the'data'is'
collected.'For'EU'citizens'outside'the'EU'when'the'data'is'collected,'the'
GDPR'would'NOT'apply.'
GDPR'will'regulate'data'controllers'and'processors'both'in'the'EU'and'
outside'of'the'EU.'
General'Data'Protection'Regulation'is'a'legally'enforceable'EU'regulation'
passed'to'replace'the'Data'Protection'Directive.'
GDPR'enforcement'will'begin'May'25,'2018.'
GDPR'–'10'Tips''
Elements'of'the'GDPR'
Data'flows'from'the'EU'must'be'understood'and'
mapped'
Data'must'be'lawfully'processed'
Expanded'duties'for'controllers'and'processors'
Expanded'rights'for'data'subjects'
'
Examples'of'Activities'That'Could'Be'Subject'To'GDPR'
Research'involving'persons)living)in)the)
EU)
Data'collected'by'PVAMU'researchers'
directly'
Data'collected'by'entities'located'in'the'EU'
then'transferred/sold'to'PVAMU'
researchers'
Processing'of'data'by'PVAMU'for'
controllers'or'processors'located)in)the)
EU)
PVAMU'apps'marketed'to'persons'living)
in)the)EU)
Internet'browsing'data/cookies'of'
persons'living)in)the)EU)
PVAMU'admissions'data'regarding'
persons'living)in)the)EU)
Data'of'persons'living)in)the)EU)
collected'during'the'recruitment'of'
PVAMU'staff'
Data'of'PVAMU'professors'teaching)
abroad)
Data'of'PVAMU'students'(studying)
abroad)'
Data'of'persons'living)in)the)EU)
collected'during'PVAMU'fundraising'
efforts'
PVAMU'Phone'records'
PVAMU'Medical'records'
Metadata'&'logs'
Mail'headers,'door'access'logs,'library'
records'
PVAMU'GDPR'Project:'Goal'&'Approach'
)
Goal:)'
PVAMU'will'review'GDPR'requirements,'and'develop'a'risk-based'
compliance'strategy'and'corresponding'compliance'program.'
'
Approach:)
People:'engage'the'right'stakeholders,'document'GDPR'roles'&'
responsibilities'
Policy:'provide'privacy'statements'and'supporting'templates'&'
documentation'
Process:'assess'and'address'processes'in'support'of'compliance'
Technology:'identify'possible'technical'solutions'enabling'
compliance'
Your'Role'
Working'Group'Participation'
Actively'participate'in'all-stakeholder'meetings'and'contribute'to'the'
progress'of'the'project'
Provide'input'to'the'design'of'ongoing'GDPR'program'
Serve'as'a'on-going'GDPR'liaison'for'your'part'of'the'organization'
'
Process'&'document'development'and'review'
Identify'data'flows'potentially'regulated'by'GDPR'
Actively'participate'in'working'sessions'to'document'and'analyze'
processes'in'your'organization'that'may'be'impacted'by'GDPR'
Utilize'and'take'ownership'of'on-going'processes'and'documentation'
developed'by'the'project'(data'flow'template,'etc.)'
The'GDPR'Team'
-Data'Protection'Officer/Compliance'
Whitney'Glenz'
'
-Human'Resources'
Radhika'Ayyar'
'
-International'Programs'
Evie'Myers'
'
-Information'Technology'
Jim'Fritz'
'
-Information'Security'
Henry'Rose''
-Information'Security'
David'Maxwell'
'
-Chief'Information'Officer'
Midhat'Asghar'
'
-Registrar'
Michelle'Hill'
'
-Travel'Office'
Marie'Johnson'
Update'Policies'and'Procedures'to'reflect'consent'and'GDPR'
Notice'of'Rights'
Provide'updated'policies'and'procedures'to'the'campus'
community'
Develop'list'of'Summer'Travel'to'EU'for'Faculty/Staff'and'
Students'
Schedule'GDPR'Project'Meeting'for'Late'Summer'
Develop'website'for'GDPR'at'PVAMU'
Next'Steps'
Open'Discussion'