Data Security: The regs are here! The regs are here!

New regulations on data privacy are now in effect

New regulations on data privacy are in force, and it’s time to get up to speed!

  • EU: General Data Protection Regulation (GDPR), effective May 25, 2018
    A new regulation that is official, effective, and has legal repercussions. On the bright side, it means there’s just one set of data protection rules for all European countries (+ Britain). The regulation applies to the use or transfer of data created in connection with monitoring the behavior of or offering goods/services to individuals residing in the EU. See this MIT resource for more information; login required.
  • US: NIST 800-171: Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, effective December 31, 2017
    Meant for use either when US federal agencies provide CUI to non-federal organizations or when CUI is produced for US federal agencies (i.e., grants). It applies to information systems that process, transmit, or store CUI, and specifically to grants with DFAR or FAR clauses, which are expected to be part of all federal contracts. See types of information categorized as CUI.

Looking for more information and resources on this at MIT? Contact Data Management Services at data-management@mit.edu.