Pepperdine Locking Down Worldwide GDPR Compliance

Overview

At a time when data security and privacy are under constant global attack, the European Union (EU) put the General Data Protection Regulation (GDPR) into effect on May 25, 2018.  Since that time, both Pepperdine University and the State of California have added their own efforts to support GDPR enforcement.  But what does that mean for the Pepperdine community?

 With the GDPR, the EU set global standards for data protection in data centers, the cloud, or anywhere data is stored.  That includes data portability, quality, security, reporting, assessments and certifications.  How seriously is the EU taking the measure?  Failure to comply with the GDPR could result in fines up to 20 million Euros (more than $23 million).

 The GDPR's primary focus is to protect the personal data of EU citizens and member states, but the legislation is being adopted by the global community, reaching around the world and touching Pepperdine and all its programs.



The Pepperdine Perspective

"With Pepperdine's International Program, we have locations in Italy, Germany, Switzerland, and the United Kingdom," said Pepperdine University's Chief Information Officer Jonathan See.  "We attract students from European countries and we send students to these campuses, so we will work to be in compliance with the GDPR.  It's important to understand that compliance is equally imperative for Buenos Aires, Shanghai and all our domestic campuses as well.

"The regulation affects Pepperdine and how we handle data," See continued.  "So, as one institution, we must review our business practices on data management and make adjustments where necessary to ensure compliance.  We have been working with the General Counsel's office, because GDPR is a new law and we have to account for all of our data in transit, wherever it may live.

"The GDPR is an excellent opportunity to build on Pepperdine's existing information security practices to safeguard our community and data," See noted.  "We have updated our Privacy Policy and created a new GDPR Privacy Notice.  We are also conducting a comprehensive data inventory project and reviewing our current data processing practices so we can move forward with our regulatory compliance efforts.

"As we review our data inventory university wide, other issues will likely arise that we will address accordingly," See said.  "I envision mini business process improvement projects  popping up, and we will have to create micro teams to help define best practices moving forward.  This is a vital initiative and there are many facets to consider in improving our data management practices. It's important for our community to trust that Pepperdine is working to be fully compliant in all our programs."