Cybersecurity Series: GDPR and Higher Education Institutions

Client-Only Research

Why Read This Report

Few issues keep higher education executives awake at night more than data privacy. As the new European data protection law, the General Data Protection Regulation (GDPR), comes into effect on May 25, 2018, higher education institutions must position themselves to mitigate risk and strengthen compliance efforts. This comprehensive and complex law covers all processing of personal data, not just data that could be considered private. With this report, The Tambellini Group addresses what higher education needs to understand about GDPR, including how it impacts higher education, and what steps need to be taken to be in compliance. In the fast-changing world of cybersecurity and information governance, this report will prepare institutions for this new era in data protection.

Key Questions Answered

  • How will GDPR likely affect U.S. higher education institutions in relation to student, employment and research data?
  • How does the scope of GDPR go beyond that of similar U.S. statutes such as the Family Educational Rights and Privacy Act (FERPA) or the Protection of Pupil Rights Amendment (PPRA)?
  • What are the fines associated with breaches of the GDPR?
  • What preparations should be taken to be compliance-ready by the time GDPR comes into effect?

Report Features

  • Download complimentary Executive Summary.
  • Author: Ann Kristin Glenster is an acknowledged global legal authority specializing in data privacy. She is deeply involved with the GDPR’s implications, and acts as a private consultant on issues related to GDPR and data protection.
  • Co-Author: Katelyn Ilkani, VP, Cybersecurity Advisory Practice, The Tambellini Group.
  • Peer Reviewers: Chad Tracy, Director of Information Security, Colby College; and David Sherry, CISO, Princeton University.
  • Report Length: 57 pages.
  • Report Availability: August 2017.

Table of Contents

  1. Acknowledgements
  2. Terms of Use
  3. Disclaimer
  4. Executive Summary
  5. Introduction
    1. GDPR as Part of the EU ‘Constitution’
    2. Uncertainty Regarding Interpretation and Enforcement
    3. Applicability to U.S. Higher Education Institutions
  6. Territorial Reach and Cross-Border Transfer of Data
    1. Offer of Goods and Services, Monitoring of Behavior
    2. Representative in the EU
    3. Cross-border Transfer of Personal Data
    4. EU-U.S. Privacy Shield Mechanism
  7. General GDPR Issues
    1. Processing
    2. Personal Data
    3. Special Category Data
    4. Legal Grounds for Processing
    5. Data Processing Principles
  8. Issues of Academic Research
    1. Consent
    2. Safeguards and Pseudonymization
  9. Specific GDPR Issues
    1. Specific Rights of the Individual
    2. Transparency and Notices
    3. Accountability and Risk Evaluation
  10. Practical Matters
    1. Data Protection Officer (DPO)
    2. Main Establishment
    3. Certificates and Codes of Conduct
    4. Documentation
    5. Security
    6. Breach Notification
    7. Complaints, Compensation, and Penalties
    8. Administrative Fines
    9. Compliance Checklist
  11. Conclusion
  12. Bibliography
  13. Appendixes
    1. Overview of the GDPR Articles
    2. Overview of Supervisory Authorities
    3. Short PowerPoint Summary
  14. About the Authors
  15. About The Tambellini Group
  16. Other Available Reports
