Compliance case study: Indiana University Bloomington
In an effort to comply with the impending regulations, Indiana University Bloomington appointed a lawyer to work with various departments that the regulations will most likely affect, including registrars, admissions, HR, facilities and its international office. The university’s legal council asked registrars, for instance, to come up with scenarios.
“I had to identify where incoming data comes from, who acts on it and what happens to that data,” says Mark McConahay, the university’s associate vice provost and registrar. McConahay also shared vendors and university departments with which he regularly communicates.
Link to main story: EU data regulation to affect U.S. colleges and universities
“These scenarios allowed our lawyer to see how these regulations will apply to my department and how we as an institution might interpret them,” he says.
McConahay expects that the university’s lawyer will gather answers from other departments and form a set of legal strategies by identifying commonalities between them.
“I don’t think the sky is falling, but you have to acknowledge that the regulations exist,” McConahay says. “Quite frankly, if you document how you’ve interpreted and are complying with the regulations, I think you’ll be in pretty good shape.”
He made sure to note, however, that this is not expert legal advice.