European Union General Data Protection Regulation (GDPR)
The European Union
(EU) has recently enacted a new privacy law called the General Data Protection
Regulation (GDPR). The GDPR has a very broad scope and requires covered
organizations to put significant safeguards in place regarding the collection, use,
and processing of personal data of individuals located in the EU. Unlike
previous EU privacy laws, the GDPR is applicable to organizations (including
universities) based in the United States. Accordingly, the GDPR will apply
to personal data generated by any person physically located in the EU, if that
data will be controlled or processed by The University of Tennessee. As
with all privacy laws, the University takes seriously its compliance
obligations under the GDPR.
To find out more, visit the GDPR resource webpage at https://tennessee.edu/privacy/, which includes links to the full text of the GDPR. Here you will also find related documents summarizing key components of the GDPR and explaining how the GDPR impacts institutions of higher education. The GDPR webpage also includes model consent forms, model contract language, and model privacy notices that should be used for GDPR compliance purposes. In addition, you will find details on whether the GDPR applies to your unit's or department's activities at the Institute and what steps you should take to comply with GDPR requirements.