GDRP Compliance

SmarterServices takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers.

GDPR Overview

The European Union’s (EU) General Data Protection Regulation will impact any organization worldwide, including U.S. colleges and universities, that processes data relating to people in Europe.

The new GDPR rules require institutions to take extra steps to protect the personal information of people in the E.U., regardless of whether they are E.U. citizens or permanent residents. So, the requirements also apply to American students or faculty members who communicate with campuses while they are in Europe.

In addition to understanding what data they hold, where data is stored and how they are used, institutions and their vendors will need to be able to accommodate requests to retrieve, correct or erase the data. They must also promptly report any data breaches.

The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

Additional Resources

For more information we recommend these resources:

Official GDPR Portal – https://www.eugdpr.org/

GDPR Overview – https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Why Care About GDPR – https://er.educause.edu/blogs/2018/3/why-care-about-gdpr

What Does the GDPR Mean for Education Privacy in the US?  http://www.centerdigitaled.com/higher-ed/what-does-the-gdpr-mean-for-education-privacy-in-the-us.html
Ten Ways For Higher Education Institutions to Prepare for GDPR Compliance – https://www.studyportals.com/blog/10-ways-for-higher-education-institutions-to-prepare-for-gdpr-compliance/

European Rules (and Big Fines) for American Colleges – https://www.insidehighered.com/news/2018/03/13/colleges-are-still-trying-grasp-meaning-europes-new-digital-privacy-law

Frequently Asked Questions

Q. What is the GDPR Data Protection Exhibit (DPE) in the SmarterServices Master Services Agreement?

A. Client institutions that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors, including SmarterServices, they use to process the EU personal data also have privacy and security protections in place. Our DPE which is provided in our Master Service Agreement outlines the privacy and security protections we have in place. SmarterServices is committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services.

Q. Are clients required to sign the Data Protection Exhibit in the SmarterServices Master Services Agreement?

A. Yes, in order to use our products and services all clients must accept our Data Protection Exhibit.  Institutional clients indicate their consent through their signature on our Master Services Agreement.  End users (typically students) agree to our terms of service by