General Data Protection Regulation and the UT System GDPRs Intent - - PowerPoint PPT Presentation

▶

Nov 09, 2022 99 likes •200 views

General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the

SLIDE 1

General Data Protection Regulation and the UT System

SLIDE 2

GDPR’s Intent

“The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.”

Source: EUGDPR.org

SLIDE 3

General Data Protection Regulation (GDPR)

European Union regulation that expands previous data

privacy regulations in scope and applicability

Scope- companies within the EU and entities outside of

the EU that process data of individuals located within the EU

Similar privacy tenants of existing privacy regulations
Applicability- began May 25

SLIDE 4

GDPR Scope

“applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU.”

Source: EUGDPR.org 4

SLIDE 5

GDPR: Core Principles

Individuals

Personal data: any

information related to an identified or identifiable person;

Examples- Name,

photo, DOB, email, social media posts, location data, IP address

Entities

Controllers or

processors of personal data;

Location of the person

controls

Presence within the

EU triggers compliance

UT System

Transparency

Collection, purpose, and

use of data must be clearly communicated;

Privacy notices;
Consent may be

required;

Vendor contract terms

SLIDE 6

GDPR Scope for Institutions

International Studies office- study abroad programs

– Focus on students, faculty and staff- Title IX issues – Consent or waiver of rights under GDPR to allow for transmission of data

Alumni relations and recruitment offices- outward

solicitation of individuals globally

SLIDE 7

GDPR Scope for Institutions

International sponsored research projects
International patients
International conferences and marketing
Vendor contracts

GDPR applies to data generated from a EU member state not from within the U.S.

SLIDE 8

Panelists

Krista Barnes- MD Anderson
Cristina Blanton- UT System
Lorena Gonzalez-Johnson- UT El Paso
Christina Solis- UT Health

SLIDE 9

General Data Protection Regulation and the UT System

GDPR’s Intent

“​The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.”

General Data Protection Regulation (GDPR)

privacy regulations in scope and applicability

the EU that process data of individuals located within the EU

GDPR Scope

GDPR: Core Principles

Individuals

information related to an identified or identifiable person;

photo, DOB, email, social media posts, location data, IP address

Entities

processors of personal data;

controls

EU triggers compliance

Transparency

use of data must be clearly communicated;

required;

GDPR Scope for Institutions

– Focus on students, faculty and staff- Title IX issues – Consent or waiver of rights under GDPR to allow for transmission of data

solicitation of individuals globally

GDPR Scope for Institutions

GDPR applies to data generated from a EU member state not from within the U.S.

Panelists

Questions and Comments

“The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.”