Welcome to Compliance and Institutional Ethics
Our goal is to promote ethical and compliant conduct for all university members.
The General Data Protection Regulation "GDPR" is a European Union "EU" regulation that governs the processing and movement of EU resident's personal data. The GDPR, which was effective May 2018, replaces the 1995 Data Privacy Directive, and has a broader territorial scope and more significant fines (up to $20 million) for violations than prior EU law. The GDPR applies to entities located outside of the EU that handle personal data about EU residents when offering them services or monitoring their behavior. As the regulation is new, our understanding will continue to evolve over time.
The EU GDPR sets a broad definition for personal information and establishes a variety of requirements regarding the handling of EU residents’ personal information. Note that the law specifically applies to EU resdients rather than citizens. It does not apply to EU citizens while they reside in the United States. However, it does apply to United States citizens when they provide data to the University while temporarily located in the EU.
At a high level, GDPR addresses the following requirements:
In addition, data subjects have a number of rights, including the:
A core group, has been evaluating the impact of GDPR at NKU. This group is working closely with campus members that we expect to be most impacted by GDPR. If you would like to discuss the impact of GDPR on your department, email Joan Gates at firstname.lastname@example.org for more information.
Contact us at email@example.com if you have questions or concerns about the GDPR, how it may apply to your unit or inquiries related to personal data that may be collected and processed by Northern Kentucky University.
For assistance, please contact Legal Affairs at (859) 572-5588.