A guide to the General Data Protection Regulation (GDPR) at UBC

In the last few weeks, you may have found yourself receiving many emails from the apps and online services you use regarding their updated privacy policies. This is not a coincidence as the European Union’s new General Data Protection Regulation (GDPR) comes into force today (May 25, 2018).

The GDPR is a new set of strict laws that govern privacy for anyone living in or visiting the European Union.

What is UBC’s position on GDPR compliance?

UBC is substantially compliant with the requirements of the GDPR.

The GDPR only applies to personal information collected from individuals in the EU. Therefore, only a small amount of the information collected by UBC is subject to this new regulation.

In addition, the GDPR requirements are actually very similar to − and in some cases, less stringent than − the requirements under BC’s Freedom of Information and Protection of Privacy Act (FIPPA). Therefore, if you are compliant with the FIPPA, you will also be substantially compliant with the GDPR.

What should I be doing?

This is a good time for you to review your practices to ensure that you are collecting personal information in a privacy-compliant manner. This will help to ensure that you are compliant with both the GDPR and the FIPPA. Under FIPPA, when you collect Personal Information you must provide a Privacy Notification, in which you declare your legal authority to request the information, how you will use the information, and who can answer questions about the collection. See our Privacy Fact Sheet on Collecting Personal Information [PDF] for more information.

What if I have any questions or concerns about the GDPR?

If you have any further questions about how the GDPR affects us at UBC, please send an email to privacy.matters@ubc.ca