You may have received emails over the past few weeks about General Data Protection Regulation (GDPR).  LSA units that are Google Analytics users received an email urging users to take action.  As administrators on all the unit accounts, Web Services will make any changes necessary to Google Analytics based on recommendations from the university's GDPR working group.

More information on GDPR compliance is available on the Safe Computing website. We will also post updates as it impacts LSA when it becomes available.

What is General Data Protection Regulations (GDPR)?

In short, the GDPR say you must obtain consent from your vistitors and clearly explain how you plan to use their personal data. It formally takes effect May 25, 2018, is intended to affect organizations worldwide, including universities.

The GDPR:

• Expands personal privacy rights for EU residents and also affects non-EU citizens located in the EU.
• Mandates a baseline set of standards for organizations that handle certain personal and other data of individuals located in the EU to better safeguard the processing and movement of that data. 
  
• Applies to institutions with no physical EU presence if they control or process covered information (irrespective of whether the subject individuals are EU citizens).
  
• Calls for fines of up to 4% of annual global turnover, or 20 million euros, whichever is more, for violations of the regulation.

What is U-M doing to prepare?

The University of Michigan is developing a GDPR compliance program. The University Privacy Officer and the Office of General Counsel have convened a working group with representatives from Michigan Medicine Corporate Compliance, the Office of University Development, the Alumni Association, the U-M Office of Research, Human Resources, the Office of the Provost, the International Center, and Procurement.