GDPR Tools & Resources

University of California Office of the President (UCOP)

Campus

To assist campuses in implementing the GDPR requirements, UCOP’s GDPR team has developed a library of operational tools and advisories specifically designed for each required compliance process under GDPR.  Resources accesible via the UC GDPR SharePoint site (Employee Authentication Required) include: 

• GDPR Compliance Framework
• Legal Advisories
• Compliance Guidance, Tools, and Templates
• Information Technology Services Technical Requirements
• Training Materials

Procurement

To assist procurement offices in their duties additional documents have been added to the UC Systemwide Templates & Documents webpage.  Please begin using the new versions of these documents. Specific instructions describing when and how each document should be used can be found under GDPR resources:

• Appendix - Data Security (DS)
• Appendix General Data Protection Regulation (GDPR)
• Addendum A - Scop of Processing Data
• Addendum B - Standard Contractual Clauses

The above documents can be accessed on the UC Procurement Services website under the Forms and Policies section and the password-protected site.  For access to the password-protected site, please contact Barbara Waters at UCOP.

IRB Directors, Research Administrators, Researchers, and Research Staff

To assist IRB Directors, Research Administrators, Researchers, and Research Staff in their duties, the UCOP Research Policy Analysis and Coordination (RPAC) unit has issued a Research and Technology Transfer memo.  The General Data Protection Regulation Notice and Consent Requirement memo provides information on the European Union’s General Data Protection Regulation notice and consent requirements in informed consent forms. The memo describes:

• Notice and consent requirements
• Special categories of personal data
• Personal data transfers to the United States
• Personal data to assign subjects to different treatments

Additional policies and guidance can be found on RPAC's General Data Protection Regulation webpage as well.   

UC Berkeley (UCB)

Departments

• GDPR In One Slide (UCB)
• GDPR Made Simple (UCB)
• GDPR Applicability Decision Tool (UCB)
• GDPR Checklist for Higher Education (UCB)
• GDPR Data Inventory Survey (UCB)

Individuals

• Individual Data Subject Request form
• GDPR FAQs for Individuals Who Are Affiliated, But Not
  Employed, by the University of California

External Links

European Commission and member state resources

• Full text of the General Data Protection Regulation
• Information Commissioner's Office (ICO) Guide to the General Data Protection Regulation
• Guidelines from the European Commission’s Article 29 Working Party
• Guide to the General Data Protection Regulation
• Data Protection: Rules for the protection of personal data inside and outside the EU
• Rules for Business and organizations
• The GDPR and You: Preparing for 2018
• GDPR and Organizations: 12 steps to being prepared
• GDPR interactive infographic
• GDPR Infographic
• Data Protection Impact Assessments
• GDPR Checklist

EduCause

• GDPR explained

• 7 Things you should know about GDPR

International Association of Privacy Professsionals

• GDPR Awareness Guide

• IAPP: Top 10 Operational Impacts of EU’s GDPR

• What Does Territorial Scope Mean Under the GDPR?

US Department of Health and Human Services

• Compilation of European GDPR Guidance