GDPR – Understanding the EU’s Regulations as Education Marketers

The way personal data is handled in the European Union has changed, and therefore, the way Education Marketers do business in the EU must comply. We’d like to share with you exactly what General Data Protection Regulation (GDPR) is, and what it means for the education industry in terms of sharing personal information.

What is GDPR?

GDPR is a new set of “digital rights” for European Union (EU) citizens in this age of the increasing economic value of personal data, coupled with concerns around data privacy. It is important to note that GDPR only applies to the personal data of EU citizens, including their names, contact information, email addresses, pictures, IP addresses, etc. The new regulations mandate explicit and purposeful consent for storing and processing this personal data. Becoming enforceable on May 25th, a failure to comply with the GDPR can result in significant fines for businesses.

Rationale and Guiding Principles

The existing Data Protection Directive legislation is more than 20 years old, and in the last two decades, we’ve seen huge advances in technology. The way people use technology and social media has completely changed the landscape, and this regulation catches us up with the world today. With GDPR, essentially, user data can only be used if that individual gives a company permission to do so.

The EU Commission published these Guiding Principles for how to proceed with GDPR. Keep these in mind when working with your customers and ensure an open line of communication in the event that they move or conduct part of their business in the EU. Given our increasingly digital world, the GDPR and other new data privacy policy regulations, both governmental and corporate, are positive, progressive moves forward for allowing us to continue to use customer data for marketing while protecting personal privacy.

Overview of the Implications of GDPR:

What else is considered personal data?

Personal data is any information relating to an individual, whether it relates to his or her private, professional, or public life.  It can be anything from a name, a photo, an email address, bank details, their posts on social networking websites, their medical information, their computer’s IP address, or their location. The EU Charter of Fundamental Rights says that everyone has the right to personal data protection in all aspects of life: at home, at work, whilst shopping, when receiving medical treatment, at a police station, or on the Internet.

Does GDPR apply to EU citizens in the US?

No, GDPR does not apply to European citizens living in the United States. They are subject to U.S. laws. However, GDPR does apply to U.S. citizens living in the EU. MDR data products do not contain any EU data, making them out of scope of GDPR regulation.

How will I know if one of my contacts moved to the EU?

Unfortunately, there is no way for MDR to know if a U.S. citizen with a U.S. school email address is living abroad for a period of time. However, we do take data quality very seriously, and we have maintained above a 90% accuracy rating by a third party auditor for 10 consecutive years. As a division of Dun & Bradstreet, MDR has access to large legal and data compliance teams who have been working to ensure that our products and services are GDPR compliant since it was first adopted by the EU in 2016.

Can I continue to use MDR’s deployment services and other products?

Yes, you can continue to use MDR data products with the assurance that they are GDPR compliant. This includes services that use your data or lists. As new policies and regulations emerge, it is critically important to continue to keep up to date on their implications.

Keeping Up With Changing Regulations

As businesses aim to serve the education market, and developing new products that are in demand, student data is already heavily guarded and carefully handled. Therefore, for businesses with an EU presence, hopefully the changes necessary will not be too far removed from the safeguards already in place with the education data you collect or aim to collect.  All organizations should however, review the regulation, figure out how it applies to their business, and what compliance means for them.