General Data Protection Regulations (GDPR)

GDPR went into effect May 25, 2018 and is a legislation of the European Union that protects “natural persons” with regards to the processing of personal data and the transfer of that data. Anyone doing research that involves collecting information or data from anyone (known as a “data subject”) who is in one of the countries of the European Economic Area has to think about what is required to be GDPR compliant.  Because this regulation affects people living or traveling in a GDPR compliant country and is unrelated to citizenship, Northwestern researchers need to consider two basic areas of their research potentially affected by these regulations: The consent process and the need for enhanced data protection.  The IRB has created some tools to assist in that process: see Guidance for General Data Protection Regulations (GDPR) compliance in the conduct of human research as well as HRP-335 Worksheet GDPR Data Protection and HRP-590 GDPR Compliance Consent template.