The European Union General Data Protection Regulation is a set of regulations that govern the use of personal data collected by an organization. These regulations apply to individuals that apply or are accepted to the College within the European Union.
- Individuals may request the details of their personal information that the College stores, the purpose it is used for, its data retention policies, and the security safeguards in place to protect said data.
- The College will comply with requests to edit and/or correct personal information. Requests to delete or limit processing of personal data will be reviewed and processed as practical within legal guidelines governing the College.
- Individuals may obtain a copy of their personal data in a standard format.
- Individuals will be notified of any breach of security in a timely manner.
- An individual can request to be forgotten if an individual withdraws consent given to process the individual’s data. The College reserves the right to retain such data as required by law, in pursuit of legal action, to monitor fraud, or for performance of a task in pursuit of the public interest, contractual obligations, and legitimate business interests. This applies only to EU residents and non-EU citizens living in an EU member state.
- All individuals have the right to question, seek advice, or complain about the use of their data.
- All communication and requests should be sent to the Manager of Information Security at firstname.lastname@example.org.
Pennsylvania College of Technology continues to work towards GDPR compliance. Some of the steps include:
- Developing a risk-based GDPR compliance strategy
- Performing and cataloging a data inventory
- Updating its consent process
- Creating an online process to request to be forgotten
- Providing GDPR education resources and training to the College’s employees