AACSB Privacy Policy

Your privacy matters to us.

GDPR Compliance

The AACSB International (“AACSB”), a global entity providing accreditation services for clients in the global market, is committed to the data protection of our members. The General Data Protection Regulation (“GDPR”) went into effect in the European Union (“EU”) on May 25, 2018. The regulation imposes broad data privacy protections for EU individuals and applies to companies that collects or handles EU personal data. As a result, the GDPR impacts nearly all organizations doing business in the EU.

While the regulation identifies some new privacy concepts, much of the foundation has already been established at AACSB through existing compliance activities that ensure alignment with our internal compliance standards, and other laws and industry best practices. AACSB will align relevant practices with the GDPR in the delivery of our member services. The responsible handling and security of member data is of the highest priority for AACSB.

Current State Activities

As a professional association, AACSB is here to serve its members in an effective and responsible way. To address the unique requirements of the GDPR, AACSB partnered with an outside privacy consultancy firm to identify areas that may need to be enhanced to further align with the GDPR. With the guidance of these experts, AACSB is actively working on further enhancing its current compliance program to further alignment with GDPR. The key GDPR related activities underway at AACSB include:

  • Enhancing notices to ensure additional transparency is provided to members on the types of data collected and uses of the data;
  • Reviewing and updating agreements with our members and third parties with whom we may share personal data, ensuring their commitment to data protection; and
  • Creating new artifacts and documentation to support our alignment to the various requirements of the GDPR as best practices

Key Changes Under the GDPR

Personal Privacy

Individuals have the right to:

  • Access their personal data
  • Have errors in their personal data corrected
  • Have their personal data erased
  • Object to the processing of their personal data
  • Receive an export of their personal data

Controls and Notifications

Organizations will need to:

  • Protect personal data using appropriate security measures
  • Notify authorities of any personal data breaches within 72 hours of the data breach discovery
  • Obtain appropriate and explicit consent for processing personal data
  • Keep records detailing data processing activities

Transparent Policies

Organizations are required to:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies

AACSB's Privacy Policy

We value the privacy and protect the personal data of our website visitors and members in line with current regulations, as you can read in AACSB's Privacy Policy. AACSB's Privacy Policy is continuously reviewed and updated to be in line with all laws and regulations.


If you have any questions or concerns, please reach out to the AACSB team at [email protected] or your usual AACSB representative.

Further Information

For more information and details regarding the GDPR, please visit the EU GDPR page.