Guide: Apr 11, 2017


Why Read This Report

Few issues keep higher education executives awake at night more than data privacy. As the new European data protection law, the General Data Protection Regulation (GDPR), comes into effect on May 25, 2018, higher education institutions must position themselves to mitigate risk and strengthen compliance efforts. This comprehensive and complex law covers all processing of personal data, not just data that could be considered private. With this report, The Tambellini Group addresses what higher education needs to understand about GDPR, including how it impacts higher education, and what steps need to be taken to be in compliance. In the fast-changing world of cybersecurity and information governance, this report will prepare institutions for this new era in data protection.

Key Questions Answered

Report Features

Get Access

Tambellini members enjoy direct access to the industry’s top analysts and premium reports, as well as an array of research data, analytics, and advisory services. Our unbiased reports, white papers, guides, case studies, and vendor profiles provide critical information on current technology trends, strategic thinking, and market scrutiny to aid our clients in aligning resources and strategies to achieve their ultimate goals and objectives.

Already a member?

Log in to access this report. For Tambellini members, this report is included in the subscription fee.

Become a member

Tambellini offers research, analyst, and advisory services with an exclusive focus on higher education. Regardless of organization type, size, or budget, Tambellini can tailor membership services to uniquely fit your needs. To become a member, contact Client Services or visit Our Services page.



Table of Contents

  1. Acknowledgements
  2. Terms of Use
  3. Disclaimer
  4. Executive Summary
  5. Introduction
    1. GDPR as Part of the EU ‘Constitution’
    2. Uncertainty Regarding Interpretation and Enforcement
    3. Applicability to U.S. Higher Education Institutions
  6. Territorial Reach and Cross-Border Transfer of Data
    1. Offer of Goods and Services, Monitoring of Behavior
    2. Representative in the EU
    3. Cross-border Transfer of Personal Data
    4. EU-U.S. Privacy Shield Mechanism
  7. General GDPR Issues
    1. Processing
    2. Personal Data
    3. Special Category Data
    4. Legal Grounds for Processing
    5. Data Processing Principles
  8. Issues of Academic Research
    1. Consent
    2. Safeguards and Pseudonymization
  9. Specific GDPR Issues
    1. Specific Rights of the Individual
    2. Transparency and Notices
    3. Accountability and Risk Evaluation
  10. Practical Matters
    1. Data Protection Officer (DPO)
    2. Main Establishment
    3. Certificates and Codes of Conduct
    4. Documentation
    5. Security
    6. Breach Notification
    7. Complaints, Compensation, and Penalties
    8. Administrative Fines
    9. Compliance Checklist
  11. Conclusion
  12. Bibliography
  13. Appendixes
    1. Overview of the GDPR Articles
    2. Overview of Supervisory Authorities
    3. Short PowerPoint Summary
  14. About the Authors
  15. About The Tambellini Group
  16. Other Available Reports