The GDPR is a privacy regulation in the European Union governing the collection and processing of personal data within the European Economic Area (EEA). While GDPR contracts and data use agreements can contain security clauses, it's important to remember that GDPR is largely a privacy regulation.
Directions
Ask yourself the question: am I collecting information from subjects that are physically located in the European Economic Area (EEA)? Note: subjects do not have be living in the EEA; they can be anyone physically present there, including travelers.
If yes, the study is subject to the GDPR (General Data Privacy Regulation). At the very least, this means you need to get consent from the subjects, but there are other requirements that you should be aware of.
Additional Resources
Get assistance from the dedicated GDPR support group at IU that is run under the Chief Privacy Officer by contacting them at gdpr@iu.edu.
Please email securemyresearch@iu.edu to report errors/omissions and send critiques, suggestions for improvements, new use cases/recipes, or any other positive or negative feedback you might have. It will be your contribution to the Cookbook and appreciated by all who use it.
List of EEA Countries
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK which includes England, Scotland, Wales, and Northern Ireland.