GDPR determines circumstances for collecting, using, disclosing, retaining and processing personal data. Furthermore, it establishes the rights of the individuals and the requirements for implementing appropriate technical and organizational measures (TOMs), ensuring a level of data security corresponding to the risk of the data.
In case of a data breach, data protection authorities and affected individuals need to be informed within 72 hours following the discovery of a personal data breach resulting in the accidental or unlawful destruction, loss, alternation, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

“The issues the Office of Privacy must work with are complex and high-stakes, and are often challenging for divisions to implement. I have found the entire staff to be unfailingly professional, responsive and patient as we work our way toward full compliance.”

Associate Vice President, Government Relations & Sponsored Programs
These GDPR Guidelines provide general information for Webster University research practitioners. It is not legal advice and should not be relied upon as such. This is an evolving document, subject to changes.
Privacy for Researchers Full Tutorial Video (available only to Webster University staff and faculty)