General Data Protection Regulation


The General Data Protection Regulation (GDPR) is a data privacy regulation. It applies to the processing of personal data related to:

  • Organizations operating within the EU, even if the data processing takes place outside of the EU.
  • The offering of goods and services to individuals in the EU.
  • The monitoring of behavior of individuals in the EU.

The regulation went into effect on May 25, 2018, and replaces existing EU data protection directives. It is similar to existing regulations, but strengthens the rights of individuals and significantly increases fines for non-compliance.

  • Download the GDPR Simplified handout for a general overview of the regulation and steps you can start taking towards compliance.
  • Conduct a self-assessment of your department's activities using the online survey. You can submit your completed survey to the Privacy Officer if you would like additional assistance, but submission is not required.
  • Sign up for the GDPR Information listserv to receive general information and updates related to GDPR implementation and compliance on campus.
    • To sign up, send an email from your UC Davis email address to Enter subscribe gdpr-info [your first name] [your last name] in the subject line of the email.
  • Slides from the "Data and Donuts" session on GDPR.
  • Internal resources (login required).
  • Full text of the GDPR is available at
  • If you are a data subject located in the EEA and would like to exercise your rights under GDPR, submit a completed Data Subject Request Form to

Additional Resources and Guidance