GDPR Tools & Resources

University of California Office of the President (UCOP)

Campus

To assist campuses in implementing the GDPR requirements, UCOP’s GDPR team has developed a library of operational tools and advisories specifically designed for each required compliance process under GDPR.  Resources accesible via the UC GDPR SharePoint site(link is external) (Employee Authentication Required) include: 

• GDPR Compliance Framework
• Legal Advisories
• Compliance Guidance, Tools, and Templates
• Information Technology Services Technical Requirements
• Training Materials

Procurement

To assist procurement offices in their duties additional documents have been added to the UC Systemwide Templates & Documents(link is external) webpage. 

IRB Directors, Research Administrators, Researchers, and Research Staff

To assist IRB Directors, Research Administrators, Researchers, and Research Staff in their duties, the UCOP Research Policy Analysis and Coordination (RPAC)(link is external) unit has issued a Research and Technology Transfer(link is external) memo.  The General Data Protection Regulation Notice and Consent Requirement (link is external)memo provides information on the European Union’s General Data Protection Regulation notice and consent requirements in informed consent forms. The memo describes:

• Notice and consent requirements
• Special categories of personal data
• Personal data transfers to the United States
• Personal data to assign subjects to different treatments

Additional policies and guidance can be found on RPAC's General Data Protection Regulation webpage(link is external) as well.   

UC Berkeley (UCB)

Departments

• GDPR In One Slide (UCB)
• GDPR Made Simple (UCB)
• GDPR Applicability Decision Tool (UCB)
• GDPR Checklist for Higher Education (UCB)
• GDPR Data Inventory Survey (UCB)(link is external)

Individuals

• Individual Data Subject Request form
• GDPR FAQs for Individuals Who Are Affiliated, But Not Employed, by the University of California

External Links

European Commission and member state resources

• Full text of the General Data Protection Regulation(link is external)
• Information Commissioner's Office (ICO) Guide to the General Data Protection Regulation(link is external)
• Guidelines from the European Commission’s Article 29 Working Party(link is external)
• Guide to the General Data Protection Regulation(link is external)
• Data Protection: Rules for the protection of personal data inside and outside the EU(link is external)
• Rules for Business and organizations(link is external)
• The GDPR and You: Preparing for 2018(link is external)
• GDPR and Organizations: 12 steps to being prepared(link is external)
• GDPR interactive infographic(link is external)
• GDPR Infographic(link is external)
• Data Protection Impact Assessments(link is external)
• GDPR Checklist(link is external)

EduCause

• GDPR explained(link is external)

• 7 Things you should know about GDPR(link is external)

International Association of Privacy Professsionals

• GDPR Awareness Guide(link is external)

• IAPP: Top 10 Operational Impacts of EU’s GDPR(link is external)

• What Does Territorial Scope Mean Under the GDPR?(link is external)

US Department of Health and Human Services

• Compilation of European GDPR Guidance