The General Data Protection Regulation ("GDPR"), is a set of new regulations established by the EU, took effect on May 25, 2018.
The GDPR grants people in the European Union ("EU") more control over their online data and establishes new standards for how businesses handle that data.
How did Kiddom Respond to GDPR?
As new interpretations of the law surface, especially regarding ambiguous technical areas, we will adapt our services accordingly.
Whose Data Does the GDPR Protect?
Personal information of all natural persons — i.e, people, but not legal entities like corporations or nonprofits — physically within the EU are covered by the GDPR. The regulation makes no distinctions based on individuals' permanent places of residence or nationality.
The GDPR applies to all such individuals' personal data, defined as any information that can be used to, directly or indirectly, identify a person. These include not only such obvious information as educational, financial, employment-related, and health data, but also photographs, personal phone numbers, and IP addresses. This definition is virtually identical to the one used in U.S. educational privacy law, i.e., "personally identifiable information" as defined in regulations (34 CFR 99.3) issued under FERPA.
FERPA treats directory information as public by default, while giving individuals the right to opt out. GDPR, in contrast, subjects all personally identifiable data to its core requirements and provides additional protections for "sensitive personal data" that include racial and ethnic origin, religion, sexual orientation, political views, etc. It also recognizes the improved security of anonymized and encrypted or fragmented (pseudonymous) data, which it subjects to less stringent requirements.
Feel free to send us an email if you have questions about Kiddom's GDPR compliance.