What is the EU GDPR and when does it take effect?
The European Union General Data Protection Regulation (“EU GDPR”) is a new and more stringent regulation governing the use of personal data. It imposes new obligations on entities that control or process personal data about people who are located in the European Union. This regulation applies both inside the European Union (“EU”) and outside of the EU, and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
The regulation takes effect on May 25, 2018.
Where can I find the Office of Sponsored Programs' Privacy Notice
Click here to view OSP's updated privacy notice in response to GDPR.
What information is subject to the EU GDPR?
The EU GDPR applies to the control or processing of ‘personal data,’ which is defined as:
Any information relating to an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of identifiers include but are not limited to: name, photo, email address, identification number such as GT ID#, GT Account (User ID), physical address or other location data; IP address or other online identifier.
What does this mean to YOU as a GT researcher?
If you obtain personal data about any human subject or research collaborator located in the European Union, this policy applies to your research.
Please refer to the following link for further details on EU GDPR and Institute Policy: http://www.legalaffairs.gatech.edu/legal-topics/eu-gdpr
