Element451 is the leading Student Engagement platform for higher education. Go from noise to relevance with timely, personalized communication on every channel. Welcome to the era of student-centric engagement.

About Element451

If your inbox is anything like mine, you recently received a flurry of emails from companies about changes to their privacy policies. Some may have even asked you to opt in to newsletters you already receive.

The messages and policy updates were an effort to comply with the General Data Protection Regulation (GPDR). The European Union legislation went into effect May 25.


GDPR essentially says that if I reside in the EU, companies can’t collect and store information about me without my permission. And if I give that permission, I should be able to see what they know about me, have it deleted (“the right to be forgotten”), or even transfer it elsewhere. Among other provisions, there are rules about handling personal information shared through things like online purchases.

Why are U.S. companies spending resources to comply with an EU regulation?

Because the internet is global, companies that operate and market digitally interact with customers everywhere, including the EU. 

It remains to be seen how the law will be enforced for American companies, but experts advise erring on the side of caution and complying. Some organizations also see transparency as good for customer relations.

Having two separate policies and practices (one for site visitors from the EU for example, and another for everywhere else in the world) would be more burdensome than following a single approach for all visitors. So certain companies are cleaning house, as it were, and adopting measures to follow GDPR across their enterprises.

Just like a U.S. retailer that doesn’t directly advertise to a customer in Spain, but is required to store that person’s data in a GDPR-friendly manner if they make an online purchase, U.S.-based schools must follow GDPR when managing personal data that applicants provide from the EU. (This law firm sums it up well).

Schools that directly recruit prospects in the EU will likely be held to an even higher standard of safeguarding applicant information.

What about email and digital marketing? And collecting behavioral data?

The same example of the American retailer interacting with potential customers in Spain applies here, too. To illustrate: If submitting a request for information form enters a prospect into a drip email campaign, but the form gives the impression that the person will only receive one article of correspondence, it’s probably in breach of GDPR.

Instead, make it clear that you’ll be providing additional information in the future, and tell people they can unsubscribe at any time.

If your website, landing pages, and other digital properties track clicked links, page views, and other behavioral information, you need to make that known to visitors, too.

What should colleges be doing to comply with GDPR?

We recommend following the lead of proactive U.S. companies that are updating their data policies and processes across the board — for prospects and applicants in the U.S., EU, and everywhere else.

It’s not only simpler to have a unified approach, but it’s also a good way to develop trust with students. Just as Generation Z is used to sharing personal information in a way older generations probably aren’t, they are also more aware of data privacy and transparency issues.

You’ll need to work with your technology partners and in-house teams to provide ways for students to see the data that’s been collected about them. If they want it deleted, they should have an easy means to do so. And if predictive models are used in making admissions or financial aid decisions, students should be able to see how the model arrived at the decision. 

Element451, for example, simplifies data management by putting it all in one place. If a request comes in to see what the marketing or admissions department “knows” about a student, schools don’t have to track it down from multiple sources.

If you’re behind or haven’t started updating your data practices, you’re not alone. According to an article Campus Technology published a day before the policy went into effect, “several universities have set up working groups to steer campus efforts on GDPR, but most are in the early stages of identifying impacted systems and processes.” 

Of the five universities the publications contacted for comment, two didn’t respond and the others didn’t want to be interviewed.

It shouldn’t be surprising that higher ed institutions are lagging behind. Commercial entities, who arguably have more resources to get up to speed, are struggling.


The Ponemon Institute surveyed more than 1,000 companies in April, half of which reported they wouldn’t meet the deadline. Tech companies accounted for sixty percent of those surveyed.

My school isn’t where it needs to be in implementing GDPR measures. Should I be very worried?

Richard Sisson, a senior policy officer for the Information Commissioner's Office (ICO), the group responsible for enforcing GDPR, said “we are not suddenly going to issue huge fines immediately.”

"If you are doing work that you can to comply, if you are working towards the accountability principle, if you have plans in place to show you are working towards compliance, we do take those things into consideration.”

That’s good news, but keep in mind that penalties for breaking GDPR are up to four percent of global revenue, or 20 million euros ($24.4 million), whichever is greater. 

If you’d like to talk about how Element451 can help your digital communications comply with GDPR, get in touch: connect@element451.com

You’re not exempt just because you’re not in the EU.

Element451 Introduces the World's First AI Assistants for Higher Ed

Your blueprint for effectively engaging, supporting, and retaining graduate students.

Guide to Graduate Marketing in 2024

Expert insights and actionable AI strategies for your institution.

Engage Summit 2024: Deep Dive into AI in Higher Ed

Bridge the gap between the latest tech advancements and your institution's success.

The Definitive Guide AI in Higher Education

GDPR: What Higher Ed Marketers & Admissions Teams Need to Know

A timeline of our history as we celebrate our 6th birthday!

Element451 Turns 6!

We are officially this season's sponsor of Josie and the Podcast, hosted by Dr. Josie Alquist.

Josie and the Podcast: Sponsored by Element451

Strategic acquisition promises a fresh perspective on higher ed learning and development. 

Element451 Acquires Enrollify: Setting a New Standard in Higher Ed Marketing Education and Development

The Enrollify Podcast Network: Your Key to Professional Development

In a recent Volt article, we learn from Shane Baglini about how change in higher ed is not just necessary but liberating. 

GDPR: What Higher Ed Marketers & Admissions Teams Need to Know

You’re not exempt just because you’re not in the EU.

About Element451

Categories

New Blog Posts

The Definitive Guide
AI in Higher Education

Useful Links

Talk With Us

Element451 is the leading AI Student Engagement platform for higher education. Our friendly experts are here to help you explore how Element451 can improve outcomes for your school.

GDPR: What Higher Ed Marketers & Admissions Teams Need to Know

You’re not exempt just because you’re not in the EU.

About Element451

Categories

New Blog Posts

The Definitive GuideAI in Higher Education

Useful Links

Talk With Us

Element451 is the leading AI Student Engagement platform for higher education. Our friendly experts are here to help you explore how Element451 can improve outcomes for your school.

The Definitive Guide
AI in Higher Education