The European Union General Data Protection Regulation

The European Union (EU) General Data Protection Regulation, known as the GDPR, is a comprehensive privacy regulation enacted by the EU Parliament in 2016 with an effective date of May 25, 2018. Although the GDPR primarily protects the personal data of persons physically located in the European Economic Area (EEA), it may protect the personal data of persons located in other countries, as well. 

Unlike the Family Educational Rights Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Illinois Personal Information Protection Act (PIPA), which approach privacy by looking at particular categories of information like student education records and health records, the GDPR seeks to protect the full spectrum of personal data. The GDPR defines personal data broadly as any information associated with an identified or identifiable natural person.

The core of the University of Illinois (U of I) System’s GDPR compliance program is reflected in the U of I Supplemental Privacy Notice. This notice explains for persons in the EEA what types of information we collect, how the information is used, with whom the information is shared, and how persons in the EEA can exercise their GDPR rights. 

  • If you are a U of I employee and you have a question about the GDPR, please contact the University Ethics and Compliance Office by email at GDPRrequest@uillinois.edu or by telephone at 866-758-2146.
  • If you are a person in the EEA and would like to learn how to submit a GDPR request to the U of I System, please see our Supplemental Privacy Notice.

Why does the U of I System care about an EU regulation?

The U of I System GDPR Compliance Program

Data Protection Agreements

Research and the GDPR

Websites and the GDPR

What should I do if I get a question about the GDPR?

Links to GDPR-related Resources and Articles