Emma Bahner
Associate Attorney,
XL Law & Consulting
You Can’t Always Get What You Want (Or Can You?): Responding to Data Privacy Rights Requests
Tuesday, May 20, 2025 | 4:00PM–4:45PM ET | Harborside Ballroom B, 4th Floor
Session Type:
Breakout Session
Delivery Format:
Presentation/Panel
Join us for a session designed for legal and IT teams at colleges and universities navigating the complex landscape of data privacy rights and requests. As requests to exercise data privacy rights surge, understanding and complying with your institution’s obligations under international and domestic laws—such as the EU GDPR and US State comprehensive data privacy laws—has never been more important. This session will cover key data privacy rights, such as the rights of access, deletion, correction, and data portability, and how they apply to personal data your institution processes. Attendees will gain practical insights into implementing effective processes for verifying, routing, and responding to data subject requests (DSRs), tailored to the unique challenges of decentralized college and university environments. Learn from experienced presenters who have successfully collaborated with/at diverse institutions, from small private colleges to large public universities. They will share actionable strategies for building data inventories, documenting data flows, verifying requests and requestor identities, routing DSRs to the right teams, and responding to DSRs in accordance with applicable laws. By adopting a risk-based approach, you’ll discover how to develop your institution’s DSR response processes, enhancing compliance while acknowledging the realities of your institution’s limited time/resources and the complexities of data privacy risk management.
