General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a data privacy regulation. It applies to the processing of personal data related to:

  • Organizations operating within the EU, even if the data processing takes place outside of the EU.
  • The offering of goods and services to individuals in the EU.
  • The monitoring of behavior of individuals in the EU.

The regulation takes effect on May 25, 2018, and replaces existing EU data protection directives. It is similar to existing regulations, but strengthens the rights of individuals and significantly increases fines for non-compliance.

  • Download the GDPR Simplified handout for a general overview of the regulation and steps you can start taking towards compliance.
  • Conduct a self-assessment of your department's activities using the online survey. You can submit your completed survey to the Privacy Officer if you would like additional assistance, but submission is not required.
  • Full text of the GDPR is available at

Additional Resources and Guidance