Access to a website associated with Gonzaga University is currently blocked for users located within the European Economic Area (EEA) due to the enforcement of the General Data Protection Regulation (GDPR). The restriction, first reported on February 19, 2026, highlights the ongoing challenges organizations face in complying with the comprehensive European data privacy law.
Visitors attempting to access the site from within the EEA, which includes the European Union, Iceland, Liechtenstein, and Norway, are met with a message stating that access cannot be granted at this time. The message directs those experiencing issues to contact website administrators via email at [email protected] or by phone at 509-313-6606.
Understanding the GDPR and its Impact
The General Data Protection Regulation (GDPR), enacted in 2018, is a European Union regulation designed to protect the personal data of individuals within the EEA. As outlined by guidance from the Northwestern University IRB, the GDPR establishes protections for the privacy and security of “personal data” from or about individuals within the EEA, extending to organizations outside the region that process data of individuals residing within it. The regulation aims to harmonize data privacy laws across Europe, giving individuals greater control over their personal information.
According to the European Commission, the enforcement of the GDPR is the responsibility of national data protection authorities (DPAs) within each EEA country. The access restrictions imposed on the Gonzaga University-affiliated website demonstrate the broad scope of the GDPR and its potential impact on organizations globally.
Scope of the GDPR and Regional Stakes
The GDPR applies not only to organizations based within the EEA but also to those outside the region that process the personal data of individuals residing within it. This broad scope is a key factor in the website’s current access restrictions. The regulation covers a wide range of personal data, and organizations must demonstrate compliance to avoid potential fines and legal repercussions. The National Institutes of Health (NIH) provides FAQs detailing the regulation’s requirements.
The European Data Protection Board (EDPB), established by the GDPR, is composed of representatives from national data protection authorities within the EU/EEA countries and the European Data Protection Supervisor (EDPS). The EDPB plays a crucial role in ensuring consistent application of the GDPR across the region.
What to Expect Next
The situation with the Gonzaga University website underscores the ongoing require for organizations to carefully assess their data processing practices and ensure compliance with the GDPR. It remains to be seen whether the university will implement alternative solutions to allow access to users within the EEA while adhering to the regulation’s requirements. Further developments will likely depend on guidance from the EDPB and rulings from national DPAs.
Have your say: What are your thoughts on the challenges organizations face in complying with international data privacy regulations? Share your comments below.
