General Data Protection Regulation Compliance

The European Union (“EU”) has introduced the General Data Protection Regulation (“GDPR”), intended to help protect the personal information of an EU individual/Data Subject  (i.e., an individual who is physically located in an EU member state and includes both EU citizens and non-EU citizens who are physically located in the EU).  GDPR  provides “Data Subjects” with certain rights regarding their personal information shared with the College. GDPR is effective as of May 25, 2018.

As further GDPR compliance requirements are put in place, we will update this page and the related Data Privacy Policy.

Under GDPR, a Data Subject has the following rights:

  1. Right to be informed. A Data Subject has the right to be informed about the College’s collection, purpose, and use of their personal data.

  2. Right to Correction. A Data Subject can request a correction or completion of a personal data record, if it is inaccurate or incomplete

  3. Right to be Forgotten. A Data Subject may, in certain circumstances, request to have their personal data erased from College records.

In addition, a Data Subject has a Right of Access to all personal data held by the College. Under certain circumstances, a Data Subject may request a copy of all persona data held by the College under the Right to Data Portability; request that the College stop using or processing their personal data under the Right to Restrict Processing; and may object to the use of their personal data in furtherance of the College’s legitimate interests or related legal proceedings under the Right to Object.

For more information on GDPR, you can view the information from the European Union (EU) commission.

For all requests by a Data Subject pursuant the Right to be Informed, Right to Correction, and Right to be Forgotten, please complete the following request form:  Barnard GDPR Information Request

All other requests about Barnard’s GDPR compliance should email gdpr-requests@barnard.edu.