HNU Logo

GDPR Compliance

We use cookies to personalize content, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. You consent to our use of cookies if you continue to use our website.


Holy Names University is updating its practices in managing information, to the extent applicable, to comply with the European Union’s General Data Protection Regulation (“GDPR”). Faculty, staff, students, prospective students, and alumni should be aware of how the GDPR affects them and how HNU will handle their personal data that is subject to the GDPR.

What is the GDPR?

The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals in the European Union (the “EU”), including, but not limited to, EU citizens and EU residents.
The GDPR is effective on May 25, 2018.

Why does the GDPR affect staff, faculty, students, prospective students, and alumni?

When certain personal data is collected from an individual in the EU, the GDPR puts that individual in charge of his or her personal data, and allows the individual to exert greater control over the use, transfer, storage, and retention of that personal data. It has been reported that the GDPR will fundamentally affect any organization that collects, stores, processes, or otherwise handles an individual’s personal data. The GDPR provides us with an opportunity to (i) further strengthen the way we protect the personal data we collect and “process” (as that term is defined under the GDPR), and (ii) make privacy a central element of what we do.

What is HNU’s responsibility under the GDPR?

The GDPR places new restrictions and responsibilities on HNU (where applicable) including the responsibilities to:

  1. build privacy into systems “by design and default”;
  2. conduct regular data privacy impact assessments;
  3.  implement certain consent mechanisms (particularly when processing sensitive personal data and/or personal data concerning minors);
  4. follow specific procedures for reporting any data breaches; and document the use of personal data in more detail.

As with most new laws, it is expected that the applicable regulators in the EU will issue additional guidance in the coming months. We encourage you to visit this website in the future for further information and continuing updates with respect to our GDPR compliance efforts.

If you have any questions regarding the GDPR, please email us at: