GDPR Web Privacy Compliance
Requirements Based on GDPR Compliance
On May 25, the European Union will begin enforcing a new privacy law called the General Data Protection Regulation (GDPR). This law creates new data privacy protections for people who are in the European Union. The GDPR also creates new notification requirements for organizations who collect identifying information about people in the European Union.
Representatives from across the entire University of Illinois System are working together to help make sure that the University of Illinois properly complies with the new GDPR requirements.
It should be noted that all sites built on the RED platform are already in compliance with the first action item noted below. Privacy statements are built into RED's sub-footer and are managed centrally. If any additional steps or actions are required in the future, supplementary information will be posted at such a time.
Action Item
In order to facilitate compliance with the GDPR and the Illinois State Agencies Web Site Act, all University of Illinois websites need to link to the following web privacy notice:
https://www.vpaa.uillinois.edu/resources/web_privacy
That link can be placed in the footer of your website. Please link to this privacy notice as soon as possible if you are not doing so already.
Future Actions
Depending on the data that a website is collecting, there may be additional steps that a University of Illinois website has to take in order to be GDPR compliant. More details will be shared in future communications about those additional steps.
For departments and programs that seem particularly engaged in gathering data about EU audiences, project team members will contact department staff directly to help with GDPR compliance.
Questions?
If you are at the University of Illinois at Chicago and have questions about GDPR, please contact Ed Zawacki from ACCC (security@uic.edu)