GDPR Compliance
This site provides information and resources regarding Central Michigan University’s efforts to comply with the European Union's General Data Protection Regulation.
In April 2016, the EU adopted new privacy regulations related to the collection of personal information. This regulatory framework—known as the General Data Protection Regulation—became effective May 25, 2018. The GDPR applies to any organization or entity that collects personal information from a natural person who is physically present in an EU member state, regardless of the location of the entity collecting the information. The regulation places transparency requirements and use restrictions on entities collecting information and gives individuals robust rights regarding the management of their information. These rights include the right to access, to rectify and to object to information collected, and even the "right to be forgotten" when personal information is no longer needed by the collecting entity. In addition, there are notification requirements in the event of a data breach.
It is important to note that the GDPR is a new compliance regulation issued from a foreign jurisdiction. How the EU member states will enforce this regulation is unknown. CMU will closely monitor enforcement activities, as well as any additional guidance issued by the EU. The University may then modify its compliance strategy based on this information.
If you have concerns regarding Central Michigan University’s compliance with the GDPR, please contact the GDPR Working Group at GDPR_Gurus@groups.cmich.edu.