General Data Protection Regulation

Preparations are underway to ensure FIT’s processes will, to the extent applicable, comply with the European Union’s General Data Protection Regulation (GDPR). Faculty, staff, students, prospective students, and alumni should be aware of how GDPR affects them, and how FIT will handle their personal data subject to GDPR.

What is the GDPR?

The GDPR is a regulation through which the applicable governing bodies in the European Union (the “EU”) intend to strengthen and unify data protection for all individuals in the EU, including, but not limited to, EU citizens and residents. The GDPR will go into effect on May 25, 2018.

Why does the GDPR affect staff, faculty, students, prospective students, and alumni?

When certain personal data is collected from an individual in the EU, the GDPR puts that individual in charge of his or her personal data, and allows the individual to exert greater control over the use, transfer, storage, and retention of that personal data. The GDPR will affect any organization that collects, stores, processes or otherwise handles an individual’s personal data. The GDPR provides FIT with an opportunity to further strengthen the way we protect people’s data and ensure that data privacy is central to what we do.

What data does FIT collect and how does FIT process my data?

FIT has developed privacy notices that provide information to its students, employees, and website visitors about how FIT collects and processes personal data. Please review the relevant privacy notices:

How do I make a complaint or exercise my rights under the GDPR?

Information about how to make a complaint or exercise certain rights under the GDPR is outlined in the respective privacy notices, linked above. Complaints and requests should be submitted using the forms below.

What is FIT’s responsibility?

The GDPR places restrictions and responsibilities on FIT, including the responsibilities to:

  1. Build privacy into systems “by design and default”;
  2. Conduct regular data privacy impact assessments;
  3. Implement certain consent mechanisms;
  4. Follow strict procedures for reporting data breaches; and
  5. Document and provide notice about the use of personal data.

What are FIT’s next steps?

As with most new laws, it is expected that the applicable regulators in the EU will issue additional guidance in the coming months. We encourage you to visit this website in the future for further information and continuing updates with respect to FIT’s GDPR compliance efforts.


If you have any questions regarding the GDPR, please contact [email protected]