AnsweredAssumed Answered

GDPR Topic from June 7, 2018 KBUG Meeting

Question asked by pp0054841 on Jun 7, 2018

Hello All


We did not have time to review the GDPR topic as listed on the agenda from today's meeting. I was asked to provide a brief synopsis.


Please feel free to add your insight into this topic and how your institution is preparing for this mandate.  Does it affect your institution and how?


It is as follows:


  • What is GDPR?
    • GDPR is the acronym for General Data Protection Regulation.
  • What population does this impact?
    • Any person who steps foot within one of the 28 European Countries that belong to the European Union.  This is regardless of citizenship.
  • How does it pertain to Educational Institutions?
    • Educational Institutions are data heavy. We collect a great deal of data from students, employees, and faculty who do not necessarily reside or travel within in a local region of the United States.  With that collection, we have the need to store it somewhere.
    • GDPR is a mandated from the European Union(EU) that is stipulating how an organization is required to handle and store that data, much like what we see with FERPA or on the healthcare side, HIPAA.  Only-this is more than just the release of personal information.
    • The new mandate requires the implementation of appropriate measures/process, both technical and organizational, to be in place to safeguard that data in regards to the type of(what) data; where the data is stored; how that data is used.
    • Institutions will need to find a way to track interaction with those residing or traveling in the EU. 
    • Institutions will need to obtain special consent just to “store” personal information, such as photos, addresses, IP addresses, etc.
    • Institutions will need to address Business Partner contracts with third-party vendors to insure that they have processes in place in regards to data collection, storage, privacy, and security to protect the institution as well.
    • Increased training for ALL personnel will need to take place and a designee will need to be assigned to oversee the processes.
  • How does this relate to Blackboard(Bb)?
    • Limit the amount of USER information that you collect and store for each user in Bb-collect minimum necessary.
      • § Have your multi-functional SIS be the mainstay of user information—easier to maintain one main system.
    • Q2 2018 upgrade addresses this mandate by replacing the Security Mgmt: Cookies Disclosure Building Block with Security Mgmt: Data Use and Privacy Disclosure.
      • § See Behind the Blackboard Article 000048734: Cumulative Update 1 for Bb Learn, 9.1 Q2 2018
  • The following article is a great overview as well: