Welcome to the University of Rochester’s General Data Protection Regulation (GDPR) compliance resource page. The GDPR replaces the Data Protection Directive and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy. It became effective on May 25, 2018.

GDPR applies not only to organizations that process personal data in the European Economic Area (EEA), but also applies to the processing of personal data by an organization that offers goods or services to, or monitors the behavior of, individuals located in the EEA.

This page provides information regarding the ways in which the University of Rochester has addressed GDPR compliance.