General Data Protection Regulation

This statement is intended to be a brief overview of the General Data Protection Regulation EU 2016/679 (GDPR).  It is not a substitute for legal advice or a description of all the requirements for compliance with the GDPR.  Members of the University community with specific questions about the Regulation are encouraged to contact the Office of Legal Services or the Privacy Office.

The focus of the GDPR is the collection and use of personal information of persons residing within the European Union and it represents an overall expansion of these individual’s privacy rights.

The GDPR applies only to the processing of personal information when:

1. the establishment performing the processing is within the European Union

2. an establishment not within the European Union is offering goods or services to data subjects in the European Union; or

3. an establishment not within the European Union is monitoring the behaviour of persons within the European Union.