GDPR Interim Statement
European Union General Data Protection Regulation (GDPR)
The GDPR goes into effect May 25, 2018. The GDPR was written to expand personal privacy rights for European Union (EU) residents. The rule:
- Applies to all organizations that possess personal data provided by people while they are residing, permanently or temporarily, in the EU.
- Defines data broadly: any data that can be used to identify an individual such as genetic, mental, cultural, economic, technological or social information.
- Requires valid consent to collect personal data: consent must be informed, unambiguous, freely given.
- Allows individuals the right to be forgotten.
Montgomery College GDPR Program
Montgomery College has formed a working group to develop a GDPR compliance program to determine the extent of necessary compliance to a Maryland Community College, if any. The group includes representatives from the Office of Compliance, Risk and Ethics, Office of General Counsel, Office of Advancement & Community Engagement, Office of Enrollment Services, Office of Information Technology, and other relevant units. The group has:
- Considered potential GDPR requirements that may apply to the College.
- Reviewed potential EU residents and how to secure consent to implement the student experience they are seeking at Montgomery College and meet data privacy requests that may arise.
Additionally, we will initiate processes to enforce EEA Data subject rights as follows:
EEA Data Subject Rights
We will provide you upon your reasonable, good faith request with information about whether we hold any of your Personal Data as part of our EEA Processing Activities, to the extent required by and in accordance with applicable law. In certain cases, you may also have a right, with respect to your Personal Data collected and used in the EEA Processing Activities, to:
- correct or update any of your Personal Data that is inaccurate;
- to restrict or limit the ways in which we use your Personal Data;
- to object to the processing of your Personal Data;
- to request the deletion of your Personal Data; and
- to obtain a copy of your Personal Data in an easily accessible format.
To submit a request, please send an email message to firstname.lastname@example.org. Because we want to avoid taking action regarding your Personal Data at the direction of someone other than you, we will ask you for information verifying your identity. We will respond to your request within a reasonable timeframe.
You also have the right to withdraw your consent to our processing of your Personal Data as part of the EEA Processing Activities, where our processing is solely based on your consent, subject to certain limitations at law. In some cases, you can do this by discontinuing use of the services involved in the EEA Processing Activities. This would include by closing all of your online accounts with us and contacting us at email@example.com to request that your Personal Data be deleted. If you withdraw your consent to the use or sharing of your Personal Data you may not have access to all (or any) of the College related services, and we might not be able to provide you all (or any) of the services. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so. For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure.
If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority (i.e., supervisory authority).
If you wish to contact us in connection with the exercise of your rights listed above, please email us at firstname.lastname@example.org. We will respond to your written request without unreasonable delay and in accordance with any deadlines imposed by law. Unless we notify you at the time of your request, we will not charge you any fee in connection with the exercise of your rights.
For general information, review the European Commission’s EU Data Protection website.
If you are an EU resident or if you are emailing from the EU in regards to GDPR, email email@example.com. Please mention GDPR in your email request.
May 25, 2018