Find out if my research is subject to GDPR

Owned by Former user (Deleted)
Last updated: Jun 08, 2023 by Former user (Deleted)
2 min read
The General Data Privacy Regulation, or GDPR, is a privacy regulation in the European Union governing the collection and processing of personal data within the European Economic Area (EEA). While GDPR contracts and data use agreements can contain security clauses, it's important to remember that GDPR is largely a privacy regulation.


Directions

  • Ask yourself the question: "Am I collecting information from subjects that are physically located in the European Economic Area (EEA)?"
    Note: subjects do not have be living in the EEA; they can be anyone physically present there, including travelers. 
    • If yes: the study is subject to the GDPR and at the very least this means you need to get consent from the subjects, but there are other requirements that you should be aware of.

Additional Resources

  • Get assistance from the dedicated GDPR support group at IU that is run under the Chief Privacy Officer by contacting them at gdpr@iu.edu.
  • More information about GDPR at IU can be found at the IU GDPR Working Group webpage.   
  • Email securemyresearch@iu.edu for more help with security related GDPR clauses.


We want your feedback

Please email securemyresearch@iu.edu to report errors/omissions and send critiques, suggestions for improvements, new use cases/recipes, or any other positive or negative feedback you might have.  It will be your contribution to the Cookbook and appreciated by all who use it.

List of EEA Countries

Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK which includes England, Scotland, Wales, and Northern Ireland.

Countries in the EU and EEA