Yuba CCD Data Security & Privacy Protection: Exhibit A
European Union General Data Protection Regulation (EU GDPR) Administrative Procedure
EU GDPR applies to personal data collected from or shared with individuals or organizations in the EU. EU GDPR does not apply to data shared or collected from EU citizens outside of the EU by non-EU entities; however, it does apply, as an example, to non-EU citizens while they are in the EU. District employees are required to be cognizant of data collected and maintained in order to comply with EU GDPR. The District’s administrative procedure is to rigorously maintain the privacy of all personal data collected, mindful of the additional requirements of the EU GDPR.
For the sake of this administrative procedure, personal data is any information that can identify or provide information about an individual that the district or authorized agents collect, use electronically or physically, or share with others.
The collection, use, and release of some of this information may be covered by other laws or regulations, including but not limited to the Family Educational Rights and Privacy Act (“FERPA”) and the Health Insurance Portability and Accountability Act (“HIPAA”).
Personal data should only be collected by authorized personnel where it is specifically needed for a legitimate district business requirement or to meet a statutory or regulatory requirement. The district strongly discourages the collection or retention of this information except where absolutely necessary and no other alternative exists.
For all personal data being collected, individuals must provide informed and affirmative consent to its collection, use, and sharing; and may revoke it at any time. The data being collected cannot be required or compelled and consent must be tracked and maintained. (e.g., who, when, how, to what)
Data Transparency, Integrity & Control
Protection of Personal Data
More information about the EU GDPR is available on the EU Data Protection website.
Staff, faculty, or students found in violation of this administrative procedure may be adjudicated per their respective handbooks.
Questions, comments, or concerns regarding this administrative procedure or the protection of data should be directed to the Data Protection Officer at firstname.lastname@example.org.