Skip to Main Content

General Data Protection Regulation (GDPR)

GDPR Overview

The General Data Protection Regulation is a privacy law that applies to personal information collected

So, how does this affect us at UNF?

Although this is an EU regulation it has significant potential to impact U.S. systems. There are three major categories of data that are most likely to be affected. These are; (1) data collected on students from the EU (e.g., international students), (2) human resources data (e.g., staff or faculty living or working overseas), and (3) marketing data (e.g., data collected from a potential student living in the EU who is interested in UNF).


    Personal data must be processed lawfully, fairly and in a transparent manner.


    Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

    Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

    Personal data must be accurate and, where necessary, kept up to date.


    Personal data must be kept in a form which permits identification of data subjects no longer than is necessary for the purposes for which the personal data was processed.


    Personal data must be processed in a manner that ensures appropriate security of the personal data.


    Controllers (see Important Terms) are responsible for and must be able to demonstrate compliance with the GDPR principles.

GDPR Terminology

 The following terms are essential components of the regulation

Personal Data

Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller/ Data Controller

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Your Rights as a Data Subject

At any point, while UNF is in possession of, or processing your personal data, you, the Data Subject, have the following rights:

Right of Access

As the Data Subject, you have the right to request a copy of the information that we hold about you.

Right of Rectification

As the Data Subject, you have the right to correct data that we hold about you that is inaccurate or incomplete.

Right to be Forgotten

As the Data Subject, there are certain circumstances in which you can ask for the data we hold about you to be erased from our records.

Right to Restriction of Processing

Where certain conditions apply, you have the right to restrict the processing of your personal data.

Right of Portability

As the Data Subject, you have the right to have the data we hold on you transferred to another organization.

Right to Object

As the Data Subject, you have the right to object to certain types of processing such as direct marketing.

Right to Object to Automated Processing, Including Profiling

As the Data Subject, you have the right to be subject to the legal effects of automated processing or profiling.

Right to Judicial Review

In the event that the University of North Florida refuses your request under any of the "rights of a data subject," we will provide you with a reason why.

UNF GDPR Privacy Notice

Review the standard UNF GDPR Privacy Notice. Please keep in mind that many departments have posted their own, unit-specific notices.