It Looks Like Your Browser Does Not Support Javascript. This may impact different aspects of your browsing experience.

GDPR for Research and Higher Ed

Overview of the European Union’s (EU) General Data Protection Regulation (GDPR).

ORGANIZATIONS

LEARN MORE

New Subscribers Current Subscribers

LEARNERS BUY NOW

Interested? Demo Course

About this Course

The General Data Protection Regulation (GDPR) protects the personal data and privacy of individuals in the European Economic Area (EEA), including all European Union Member States and the three other countries that participate in the European Free Trade Association. Its broad reach means it applies to organizations and individuals in and out of the EU. The broad reach of the GDPR is of special consideration to research and higher education institutions that process personal data. This personal data often includes information which is connected to an identified or identifiable data subject.

This course helps individuals determine the broad reach of the GDPR, review how and when the regulation may apply, and examine a framework for compliance with the GDPR. Throughout the modules, learners will utilize case study examples of the GDPR to demonstrate appropriate action.

The foundation of the course is established through an overview of the regulation and discusses essential components of the GDPR. This overview includes different categories of data and regulatory roles and when the GDPR may apply to U.S.-based organizations and researchers.

Then additional modules provide in-depth coverage on topical areas, including:

GDPR and Human Subjects Research Considerations
Legal Basis for Processing Personal Data Subject to the GDPR
GDPR and Data Protection Impact Assessments
GDPR and Consent for Data Processing in Research
GDPR and Organizational Duties
Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research

The course is designed to have all learners complete the first module, and then the additional topic-focused modules as applicable.

The Introduction to the GDPR for U.S. Higher Education Organizations can be taken on its own.

Language Availability: English

Suggested Audiences: Compliance Officers and Departments, Contract Research Organizations (CROs), Contracts and Grants Officers, Higher Education Organizational Administrators, HRPPs, Institutional Officials, IRB Members and Administrators, Privacy Officers, Regulatory Affairs, Researchers, Risk Management Officers, Sponsors

Organizational Subscription Price: $675 per year/per site for government and non-profit organizations; $750 per year/per site for for-profit organizations
Independent Learner Price: $99 per person

Demo Instructions

Course Content

GDPR Overview

This first module serves as the foundational module for the course. It discusses the important elements of the regulation, including different categories of data and regulatory roles, and when the GDPR may apply to U.S.-based organizations and researchers. Introduces important GDPR concepts such as lawful grounds for processing data and legal bases, governance requirements, individual rights, and breach notification.

Recommended Use: Required
ID (Language): 20030 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Human Subjects Research Considerations

This topic-focused module covers scientific research and the GDPR, including researcher responsibilities as data controllers and processors. Examines when the regulation may apply to U.S.-based research, identifies potential lawful bases for processing and transferring data for research, as well as additional elements of consent required by the GDPR. Discusses GDPR issues with secondary research and using sensitive categories of personal data.

Recommended Use: Required
ID (Language): 20031 (English)
Author(s): Rubi Linares-Orozco, MAS, CIP, CCRP, CHC - City of Hope; Elizabeth Peterson, JD, CIPM - Delta Dental of Washington

Legal Basis for Processing Personal Data Subject to the GDPR

This supplemental module explores the legal basis requirement from the GDPR and the limitations on an organization's ability to process personal data. Reviews categories of personal data under the GDPR, potential safeguards for processing, and documentation practices to demonstrate compliance.

Recommended Use: Required
ID (Language): 20032 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Data Protection Impact Assessments

This module delves into the steps for conducting a data protection impact assessment (DPIA) according to the GDPR. Reviews the concept of privacy by design (PbD), discusses the roles and responsibilities of controllers, processors, and data protection officers (DPOs) for compliance with the regulation.

Recommended Use: Required
ID (Language): 20033 (English)
Author(s): Cindy Gates, JD, RN, CIP - University of Miami

GDPR and Consent for Data Processing in Research

This in-depth module describes consent for data processing per the GDPR—where consent is both a legal basis (Article 6)(1)(a)) for the prohibition on processing personal data and an exemption (Article 9(1)(a)) for processing sensitive personal data (in other words, special categories of personal data). Differentiates between informed consent to participate in research and consent for processing personal data. Considers limitations when consent is used as a legal basis for processing.

Recommended Use: Required
ID (Language): 20034 (English)
Author(s): Sara Stevenson, MPA - College of Charleston

GDPR and Organizational Responsibilities

This module goes beyond the basic overview and reviews the organizational duties of controllers and processors under the GDPR, including obligations to maintain a record or processing activities, notify data subjects and regulators of a breach, and conduct a data protection impact assessment. Discusses the appointment and role of a data protection officer (DPO) and a representative in the EU, when applicable.

Recommended Use: Required
ID (Language): 20035 (English)
Author(s): David Babaian, JD, LLM, CIP, RAC - Advarra Consulting

Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research

This module discusses how the GDPR relates to U.S. organizations of higher education. Reviews the regulation’s basic elements, identifies higher ed activities that fall under the GDPR’s scope, and reviews special categories of data and provides examples of how an organization may process the data using different legal bases. Overviews subject rights under GDPR.

Note: Organizations may elect to provide this module as standalone in courses when individuals not involved in research but who work in university areas would benefit from a review of higher education concerns.

Recommended Use: Required
ID (Language): 20036 (English)
Author(s): Ann Kristin Glenster, BFA, MFA, MEGA, LLM - University of Cambridge

Learn More

Your Name(Required)

Email(Required)

Organization(Required)

How can we help you?(Required)

I am looking for technical support. Visit our Support Center.

I'd Like To Receive Emails From CITI Program

Sign me up for CITI Program’s weekly newsletter

Details

This field is for validation purposes and should be left unchanged.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
BUY_NOW		This cookie is set to transfer purchase details to our learning management system.
CART_COUNT		This cookie is set to enable shopping cart details on the site and to pass the data to our learning management system.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Cookie	Duration	Description
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-33803854-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-33803854-7	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
BrowserId	1 year	This cookie is used for registering a unique ID that identifies the type of browser. It helps in identifying the visitor device on their revisit.
CFID	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It is a sequential client identifier, used in conjunction with the cookie "CFTOKEN".
CFTOKEN	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It provides a random-number client security token.
CONSENT	16 years 5 months 4 days 4 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_app_session	1 month	No description available.
_gfpc	session	No description available.
_uetvid	1 year 24 days	No description available.
_zm_chtaid	2 hours	No description available.
_zm_csp_script_nonce	session	No description available.
_zm_cta	1 day	No description
_zm_ctaid	2 hours	No description available.
_zm_currency	1 day	No description available.
_zm_mtk_guid	2 years	No description available.
_zm_page_auth	session	No description available.
_zm_sa_si_none	session	No description
_zm_ssid	session	No description available.
AnalyticsSyncHistory	1 month	No description
BNI_persistence	4 hours	No description available.
BrowserId_sec	1 year	No description available.
CookieConsentPolicy	1 year	No description
cred		No description available.
f	never	No description available.
L-veVQq	1 day	No description
li_gc	2 years	No description
owner_token	1 day	No description available.
PP-veVQq	1 hour	No description
renderCtx	session	This cookie is used for tracking community context state.
RL-veVQq	1 day	No description
twine_session	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
web_zak	past	No description
wULrMv6t		No description
zm_aid	past	No description
zm_haid	past	No description

GDPR for Research and Higher Ed

About this Course

Course Content

GDPR Overview

GDPR and Human Subjects Research Considerations

Legal Basis for Processing Personal Data Subject to the GDPR

GDPR and Data Protection Impact Assessments

GDPR and Consent for Data Processing in Research

GDPR and Organizational Responsibilities

Introduction to the GDPR for U.S. Higher Education Organizations: Beyond Research

Learn More

Related Content

Family Educational Rights and Privacy Act (FERPA)

Information Privacy & Security (IPS)

Artificial Intelligence (AI) and Human Subject Protections

Clinical Research Coordinator (CRC)

Technology, Ethics, and Regulations

Conflict Management

FERPA: A Quick Review of the Law for Researchers and IRBs

GDPR & Human Subject Research in the U.S.