General Data Protection Regulation

FIT complies with the European Union’s General Data Protection Regulation (GDPR). Faculty, staff, students, prospective students, and alumni should be aware of how GDPR affects them and how FIT will handle their personal data subject to GDPR.

What is the GDPR?

The GDPR is a regulation in the European Union (the “EU”) intended to strengthen and unify data protection for all individuals in the EU, including, but not limited to, EU citizens and residents. The GDPR went into effect on May 25, 2018.

Why does the GDPR affect staff, faculty, students, prospective students, and alumni?

When certain personal data is collected from an individual in the EU, the GDPR puts that individual in charge of their personal data, and allows the individual to exert greater control over the use, transfer, storage, and retention of that personal data. The GDPR affects any organization that collects, stores, processes or otherwise handles an individual’s personal data. In complying with the GDPR, FIT has further strengthened the college's substantial data protection and data privacy processes.

What data does FIT collect and how does FIT process my data?

FIT developed privacy notices that provide information to its students, employees, and website visitors about how FIT collects and processes personal data. Please review the relevant privacy notices:

How do I make a complaint or exercise my rights under the GDPR?

Information about how to make a complaint or exercise certain rights under the GDPR is outlined in the respective privacy notices, linked above, and may be submitted using the forms below:

  • Complaint Form
    • Use this form to file a "Complaint" in regard to FIT's practices, policies, procedures, or compliance under GDPR.
  • Rights Request Form
    • Use this form to make a Rights Request pursuant to GDPR.

What is FIT’s responsibility?

The GDPR places restrictions and responsibilities on FIT, including the responsibilities to:

  1. Build privacy into systems “by design and default”;
  2. Conduct regular data privacy impact assessments;
  3. Implement certain consent mechanisms;
  4. Follow strict procedures for reporting data breaches; and
  5. Document and provide notice about the use of personal data.


If you have any questions regarding the GDPR, please contact [email protected]