Image of code and lock 
 

European Union General Data Protection Regulation (GDPR)

The European Union (EU) has recently enacted a new privacy law called the General Data Protection Regulation (GDPR). The GDPR has a very broad scope and requires covered organizations to put significant safeguards in place regarding the collection, use, and processing of personal data of individuals located in the EU. Unlike previous EU privacy laws, the GDPR is applicable to organizations (including universities) based in the United States. Accordingly, the GDPR will apply to personal data generated by any person physically located in the EU, if that data will be controlled or processed by The University of Tennessee. As with all privacy laws, the University takes seriously its compliance obligations under the GDPR.  

To find out more, visit the GDPR resource webpage at https://tennessee.edu/privacy/, which includes links to the full text of the GDPR. Here you will also find related documents summarizing key components of the GDPR and explaining how the GDPR impacts institutions of higher education. The GDPR webpage also includes model consent forms, model contract language, and model privacy notices that should be used for GDPR compliance purposes. In addition, you will find details on whether the GDPR applies to your unit's or department's activities at the Institute and what steps you should take to comply with GDPR requirements.



Security Awareness

  • IT Security Audit
    ​In the coming months, the Institute will be visited by UT Audit and Compliance to conduct an audit of our IT Security program.
  • What's On This Drive I Found???
    Have you ever found a USB thumb drive just lying around with no idea to whom it could belong?
  • IT Security and Personnel Termination
    When an Institute employee terminates, certain steps must be completed to ensure the Institute’s data remains secure.