The GDPR is a legal framework that sets requirements for the collection and processing of personal information from individuals who live in the European Economic Area (EEA). The GDPR ensures the data rights of EEA citizens by limiting data collection and use to intended purposes, with data subjects’ consent. The GDPR includes “the right to be forgotten” (constituents can ask for their records to be minimized or deleted entirely, with safeguards to ensure data is not subsequently added to their records) and ensures that data about individuals cannot linger longer than is needed for specified legal purposes. Donors and other constituents may have residence(s) anywhere, including locations inside and outside the EEA. The Foundation’s current practice is to exclude constituents with ANY active address (except “Relative”) in the EEA from almost ALL communications unless the individual has opted in to communications, or a specific exception is made by University Advancement and UIF Legal Counsel.
Roughly one year ago, the UIF requested an external audit to ensure proper procedures are in place to comply with GDPR. In response, the Foundation has implemented the following compliance measures, detailed here.
The UIF will continue to refine and to maintain data security and privacy measures to comply with the GDPR and other relevant state and federal regulations, as well as industry best practices. Please direct any questions regarding GDPR to aims@uif.uillinois.edu.