Loyola University Chicago (LUC) is preparing for the General Data Protection Regulation (GDPR). The information here provides information about LUC’s response to the GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to the citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Some updates on GDPR readiness plans from LUC's GDPR Working Group...

Ensuring compliance with all applicable laws is very important to us and we are working cross-functionally with all our teams to ensure we are in compliance with the new regulation. LUC believes that our current privacy practices are very respectful of our students, faculty and staff’s privacy and all applicable privacy laws, but we are nonetheless using our GDPR readiness preparations as another opportunity to make them better.

• Privacy Notice – A privacy notice will be published to inform the "data subject" aka "you" about the personal data that LUC collects from you to provide academic and/or other services, and to inform you about your rights to manage your personal data while the data is in LUC's possession.
• Security – While LUC already follows industry best practices and comply with regulations like FERPA, PCI and HIPAA, we are aware of the new security standards that GDPR introduces and will continue to evaluate our security standards to ensure that they comply with the new requirements.
• University Data Handling Practices – Due to the introduction of a new privacy notice and privacy policies, we anticipate changes in our current practices on how LUC handles the personal data of its students and the staff. As part of the new procedure, we may be requesting you to review a privacy notice and acknowledge that you have reviewed and understood the privacy notice before you submit your personal information. In other areas, we may be asking for your consent to process sensitive personal data to provide you the intended service. We will be making adjustments in our systems to accommodate the new changes. We are also requiring our processors and vendors to support us to comply with GDPR.