GDPR

European Union (EU) General Data Protection Regulation

The European Union (EU) General Data Protection Regulation, or GDPR, requires a baseline set of standards for organizations that process personal information. GDPR safeguards the processing and movement of personal information for individuals residing in the European Union.

GDPR formally took effect on May 25, 2018. It affects organizations worldwide, including universities.

Functions

GDPR:

  • Replaces the Data Protection Directive as the primary law regulating how companies and organizations protect the personal information of European Union (EU) residents
  • Expands personal privacy rights for EU residents and also affects non-EU citizens located in an EU member state
  • Mandates a baseline set of standards for organizations handling certain types of personal information of individuals located in the EU, which better safeguards the processing and movement of that information
  • Applies to institutions with no physical EU presence if they control or process covered information. This means that GDPR standards protect a person located in the EU, even if that person is not an EU citizen, and apply to the institution processing their information
  • Strengthens the consent process
  • Enforces penalties

Questions

Explore answers to frequently asked questions about GDPR at Penn State below. The Privacy Office has also designed a FAQ document for GDPR Researchers.