Individuals have more rights than ever regarding what happens to their personal data.
The General Data Protection Regulation (GDPR) is a privacy and security law designed to protect the personal data of individuals. Though it was passed by the European Union (EU), it impacts organizations worldwide that have access to personal data, offer goods or services to collect data or monitor the behavior of individuals in the EU. For this reason, FSU and direct service organizations, such as the FSU Foundation or Seminole Boosters, must comply with GDPR compliance policies to protect the personal data of anyone located in the EU.
All personal data collected or processed by any FSU unit under the scope of the GDPR must comply with the security controls within the university’s information security and privacy policies.
4-OP-H-20 Information Technology Security and Information Assurance Policy
What data is subject to GDPR?
The GDPR applies to personal data submitted or disclosed to FSU by an individual or third party while someone is located within the EU, such as at an FSU international study center or while independently researching within a country in the EU. It also applies to any personally identifiable information collected or received from the EU that is used in research projects within FSU campus units.
Personal data is any information that can be used to directly or indirectly identify a person. This includes name, photo, email, address, phone number, FSUID, IP address or other online identifiers and one or more factors specific to the physical, physiological, genetic, mental, economic or social identity of a person. Even personal data that has been anonymized can fall within the scope of the GDPR depending on how difficult it is to re-identify an individual through the information.
What is the purpose of GDPR?
The GDPR aims to empower individuals to take control of how their personal data is collected and used. It gives individuals far more rights over their personal data than previous laws by requiring organizations to lawfully process personal data and ensure data protection laws keep pace with technological changes and advancements.
Resources
Request Edits to Personal Data
Exercise your rights to restrict, delete or amend data collected and processed by FSU that is subject to GDPR*
