The GDPR, which went into effect two years ago this week on May 25, 2018, grants individuals’ certain rights to control how their personal data is collected and used, and imposes steep penalties on organizations found to be noncompliant. When the GDPR came into effect, there was limited guidance and decisions available to help US higher education institutions and edtech companies in understanding their obligations. Now, two years into the regulation’s implementation, there is significant guidance that can be analyzed and applied. The law applies to most U.S.-based higher education and edtech companies, as these have some type of interaction with EU residents, whether students, faculty, alumni, or through study abroad programs or other initiatives.
The Future of Privacy Forum (FPF) is a Washington, DC-based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts and includes an advisory board comprised of leading figures from industry, academia, law, and advocacy groups. For more information, visit www.fpf.org.