General Data Protection Regulations (GDPR)
GDPR went into effect May 25, 2018 and is a legislation of the European Union that protects “natural persons” with regards to the processing of personal data and the transfer of that data. Anyone doing research that involves collecting information or data from anyone (known as a “data subject”) who is in one of the countries of the European Economic Area has to think about what is required to be GDPR compliant. Because this regulation affects people living or traveling in a GDPR compliant country and is unrelated to citizenship, Northwestern researchers need to consider two basic areas of their research potentially affected by these regulations: The consent process and the need for enhanced data protection. The IRB has created some tools to assist in that process: see
Guidance for General Data Protection Regulations (GDPR) compliance in the conduct of human research as well as
HRP-335 Worksheet GDPR Data Protection and
HRP-590 GDPR Compliance Consent template.