General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) aims to give EU citizens more control over their data and to create a uniform set of rules to enforce across the continent.

The GDPR covers all data controllers and data subjects based in the EU. It also applies to organizations based outside the EU that process the personal data of EU residents.

Finalsite & GDPR

About GDPR Guidelines

Under the GDPR, the definition of personal data is quite broad and covers anything that points to a person's professional or personal life, including names, photos, email IDs, bank details, social networking posts, medical information, or computer IP addresses.

Given the complexity of the rules set out by the GDPR, it is not surprising that most of our customers are overwhelmed with understanding their obligations. While Finalsite cannot provide you with legal advice specific to your organization’s obligations, we can assist you with further information on how to manage your personal data more effectively - internally and externally:

1.    Know what you have, and why you have it
2.    Manage data in a structured way
3.    Know who is responsible for it
4.    Encrypt what you wouldn’t want to be disclosed
5.    Design a security-aware culture
6.    Be prepared – expect the best but prepare for the worst

Data Breaches

There is a mandatory obligation to manage and report data breaches within 72 hours.

Data Processors

It is the school’s responsibility to ensure 3rd-party suppliers comply with GDPR for the data they process for you.

Tougher Penalties

High fines will be enforced for non-compliance, along with a potential impact on Ofsted ratings from deficiencies in data policies and processes.


Increased demands on legal agreements with all suppliers, and on ensuring how data is stored and processed.
