As the new EU General Data Protection Regulation (GDPR) goes into effect May 25, we are writing to provide a brief update on the actions CEU has taken as an institution and what to expect next.
· New CEU Data Protection Policy – the new policy was approved by the Senate on May 8. 2018. It can be found at https://documents.ceu.edu/documents/p-1805. We encourage everyone to familiarize yourself with it.
· Training and information – we are providing two levels of training and information about GDPR to the community:
o A general online training - about the basic concepts of GDPR and IT security. There are four short courses offered, each about 20 minutes. For those working at units that heavily process personal data, you will automatically be enrolled (including Department Heads and Research Center Heads and Coordinators). You will be receiving an email with information about how to log on and take the course on Monday. For all others, please write to firstname.lastname@example.org to enroll in the course, if you handle personal data in your daily work or are interested to participate.
o CEU specific trainings – these will be rolling out over the coming weeks and again in the Fall Semester. During these trainings, we will be providing sets of streamlined information about what GDPR means in daily practice (e.g. how to manage personal data when in a hiring process). We ask at least 1-2 members of every department/unit to attend these sessions, so that they may then share the information back within their department/unit. The first session topic is – General Data Best Practices for HR activities & IT Security Tips – and it will be offered at the below times (please indicate if you plan to attend a session here):
· Thursday, May 31 – 12.00 – 1.30, Nador 13 room 416
· Tuesday, June 5 – 10.00 – 11.30, Nador 13 room 416
· Thursday, June 7 – 3.00 – 4.30, Nador 13 room 416
o CEU workshops – we’ll be asking representatives from Departments, Centers and Units to also join for workshops regarding additional data processing activities. Further information will be shared about this soon.
· Faculty Research – the Ethical Research Policy has been updated to reflect the new Data Protection Policy. There are specific annexes in the Data Protection Policy that researchers should familiarize themselves with, especially Annex 3 on a Data Protection Impact Assessment (DPIA) Tool, Annex 10 on the DPIA Procedure and Annex 36 on Treating Personal Data in Research.
Additionally, there will be a more detailed conversation about this in Fall 2018. The Ethical Research Committee is looking to modify the policy further and will initiate a series of workshops in each department on the new policy.
· Students – general awareness and background training for students about personal data protection will be incorporated into the Orientation Session for Fall 2018. Additionally, during the fall there will be further work conducted on ensuring student awareness of personal data protection in their research in cooperation with the departments, the Dean of Students Office and the Data Protection Office.