The European Union General Data Protection Regulation

The European Union (EU) General Data Protection Regulation, known as the GDPR, is a comprehensive privacy regulation enacted by the EU Parliament in 2016 with an effective date of May 25, 2018. Although the GDPR primarily protects the personal data of persons physically located in the European Economic Area (EEA) and the United Kingdom (UK), it may protect the personal data of persons located in other countries, as well. 

Unlike the Family Educational Rights Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Illinois Personal Information Protection Act (PIPA), which approach privacy by looking at particular categories of information like student education records and health records, the GDPR seeks to protect the full spectrum of personal data. The GDPR defines personal data broadly as any information associated with an identified or identifiable natural person.

The core of the University of Illinois (U of I) System’s GDPR compliance program is reflected in the U of I Supplemental Privacy Notice. This notice explains for persons in the EEA and the UK what types of information we collect, how the information is used, with whom the information is shared, and how persons in the EEA and the UK can exercise their GDPR rights. 

The University of Illinois and the GDPR

For a quick overview of the GDPR at the University of Illinois, watch this 5-minute animated video.

  • If you are a U of I employee and you have a question about the GDPR, please contact the University Ethics and Compliance Office by email at or by telephone at 866-758-2146.
  • If you are a person in the EEA or the UK and would like to learn how to submit a GDPR request to the U of I System, please see our Supplemental Privacy Notice.

Why does the U of I System care about an EU regulation?

The U of I System GDPR Compliance Program

Data Protection Agreements

Research and the GDPR

Websites and the GDPR

What should I do if I get a question about the GDPR?

Links to GDPR-related Resources and Articles