General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) was enacted by the European Union (EU) effective May 25, 2018. GDPR addresses user privacy and data ownership of all EU data subjects.  If an organization offers goods or services to, monitors the behavior of, or processes and holds personal data of EU data subjects, GDPR’s requirements apply. Under the GDPR, the data protection principles set out the main responsibilities for organizations including Jacksonville University.

The GDPR replaces the Data Privacy Directive 95/46/EC and was created to harmonize data privacy laws across the European Union (“EU”). GDPR expands the rights of certain individuals to control how their personal information is collected and used.

The GDPR is designed to protect the privacy of data concerning a natural person that is collected or processed in, or transferred out of, the EU, and to regulate entities that offer goods or services in the EU.

The GDPR defines “personal data” very broadly such that the term includes names, addresses, phone numbers, national IDs, IP addresses, profile pictures, personal healthcare data, educational data, and any other data that can be used to identify an individual. The GDPR requires enhanced compliance, governance, and accountability pertaining to organizations involved in the processing of “personal data.”

JU has a GDPR Workgroup with members from Information Security, University Compliance and Legal, Marketing and Communication, and Enrollment Management. The GDPR Workgroup will make resources available to the university community as we learn more and when appropriate.

To establish consent under the GDPR, consent must be freely given, specific informed and unambiguous. Consent requires some form of clear affirmative action and must demonstrate how and when consent was given. Individuals have the right to withdraw consent at any time. 

You may submit a GDPR privacy erasure request online. If you have data privacy questions, please email