General Data Protection Regulation Resources
Have you received, like, a gazillion emails from sites and services you subscribe to informing you that their privacy and terms of service have been updated? What is GDPR and does it affect your site on SiteFarm?
Shamelessly lifted from the campus' Office of Compliance and Policy Privacy at UC Davis website:
The General Data Protection Regulation (GDPR) is a data privacy regulation. It applies to the processing of personal data related to:
- Organizations operating within the European Union (EU), even if the data processing takes place outside of the EU.
- The offering of goods and services to individuals in the EU.
- The monitoring of behavior of individuals in the EU.
At its core, the GDPR is designed to strengthen the rights of individuals to know what data is being collected about them, how that data is being used, and to have control over the use of their data; including the right to prevent organizations from processing their personal data in certain situations.
GDPR and SiteFarm
You might be thinking to yourself, "Okaaaay, but do I have to do anything about this?"
In general? No. The exception is if you're going to be creating web forms that may be filled out by EU residents. If you're collecting such data you must be sure to adhere to the EU's requirements pertaining to transparency, explicit explanations of how the person's data will be used, and options for a person to content to the collection of personal data.
The Office of Compliance and Policy has created a full-page explanation along with a variety of resources and communication tools to help support you in learning how to correctly handle personal data if your audience includes residents from the EU. Their "Data and Donuts" PowerPoint is a good starting place to get an overview.
If you need more information or support, the Office of Compliance and Policy is running a list serve. To sign up, send an email from your UC Davis email address to sympa@ucdavis.edu. Enter subscribe gdpr-info [your first name] [your last name] in the subject line of the email.
Additionally, UCOP has made available the slides from their presentation "An Introduction to GDPR - ITPS (pdf)" to help supplement your understanding and how far-reaching the privacy requirements will be when collecting data from EU residents.