University of Illinois System

The European Union and United Kingdom General Data Protection Regulations

The European Union (EU) General Data Protection Regulation (GDPR), known as the EU GDPR, is a comprehensive privacy regulation enacted by the EU Parliament in 2016 with an effective date of May 25, 2018. The United Kingdom (UK) has a nearly identical law, known as the UK GDPR, which together with the UK's Data Protection Act 2018, implement the provisions of the EU GDPR tailored specifically to the UK.

Although the EU and UK GDPRs primarily protect the personal data of persons physically located in the European Economic Area (EEA) and the United Kingdom (UK) respectively, they may protect the personal data of persons located in other countries, as well. 

Unlike the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Illinois Personal Information Protection Act (PIPA), which approach privacy by looking at particular categories of information like student education records and health records, the EU and UK GDPRs seek to protect the full spectrum of personal data. Both GDPRs define personal data broadly as any information associated with an identified or identifiable natural person.

The core of the University of Illinois (U of I) System’s GDPR compliance program is reflected in the U of I Supplemental Privacy Notice. This notice explains for persons in the EEA and the UK what types of information we collect, how the information is used, with whom the information is shared, and how persons in the EEA and the UK can exercise their GDPR rights. 

The University of Illinois and the GDPR

For a quick overview of the GDPR at the University of Illinois, watch this 5-minute animated video.

  • If you are a U of I employee and you have a question about the EU or the UK GDPR, please contact the University Ethics and Compliance Office by email at or by telephone at 866-758-2146.
  • If you are a person in the EEA or the UK and would like to learn how to submit a GDPR request to the U of I System, please see our Supplemental Privacy Notice.

Why does the U of I System care about the GDPR?

The U of I System GDPR Compliance Program

Data Protection Agreements

Research and the GDPR

Websites and the GDPR

What should I do if I get a question about the EU or UK GDPR?

Links to GDPR-related Resources and Articles