Crafted by the European Union (EU), the General Data Protection Regulation (GDPR) applies to any organization or entity that collects personal information from a natural person who is physically present in an EU member state, regardless of the location of the entity collecting the information. In some instances, this applies to CMU academic and business operations. To ensure that CMU is prepared to respond to any requests made of it under the GDPR, OIT and CMU General Counsel continue to review the legislation and maintain appropriate documents and policies to guide our institutional response.
GDPR regulation places transparency requirements and use restrictions on entities collecting information and gives individuals robust rights regarding the management of their information. These rights include the right to access, to rectify and to object to information collected, and even the "right to be forgotten" when personal information is no longer needed by the collecting entity. In addition, there are notification requirements in the event of a data breach.
It is important to note that the GDPR is a compliance regulation issued by a foreign jurisdiction. How the EU member states will enforce this regulation is unknown. CMU will closely monitor enforcement activities, as well as any additional guidance issued by the EU. The University may then modify its compliance strategy based on this information.
If you collect personal data from individuals in European Union member states on behalf of the University, you must comply with CMU's GDPR policy. If you collect personal data from individuals in EU member states for reasons other than admission or employment, please send an email to email@example.com to ensure that such collection complies with the GDPR.
If you are currently living in or traveling to an EU member state, it is important that you review CMU's GDPR policy to become aware of your privacy rights and the University's compliance efforts with regard to those rights.
- Information on the GDPR and its impact on institutions in the US
- Full text of the General Data Protection Regulation
- CMU GDPR policy
- CMU legal information
If you have questions or concerns regarding Central Michigan University’s compliance with the GDPR, or wish to submit a GDPR request, please send an email to firstname.lastname@example.org.