General Data Protection Regulation (GDPR)

Information Statement

University of Minnesota GDPR Compliance

The European Union (EU) General Data Protection Regulation, better known as the GDPR, is the privacy regulation adopted by the European Council and Parliament. It establishes privacy and security protection for data gathered on anyone in the European Union, regardless of citizenship. The GDPR expands the definition of personal data, and extends the protections to anyone who is physically present in EU countries when personal data is gathered or processed. The breadth of the regulation means that it applies to many institutions that are not physically located in the EU.

The University of Minnesota has an Ad-Hoc Committee to recommend and oversee University compliance with the GDPR. President Kaler created the committee to “review the impact of the GDPR on the University of Minnesota System and recommend steps that need to be taken to comply with the regulation.” Representatives from the Office of Information Technology, Office of Institutional Compliance, Global Programs and Strategy Alliance, Sr. Vice President for Finance and Operations, Internal Audit, Vice President for Research, Admissions, Academic Support Resources, University Relations, and the Office of General Counsel comprise the committee.

The GDPR Committee is taking a risk-based compliance approach to the regulation—implementation priorities will be set based on risk and available resources. Long-term planning for compliance will take into consideration guidance and interpretation of the regulation from the EU Data Protection Boards.

Additional information will be posted on this site—privacy.umn.edu. In the meantime, questions can be sent to the following Committee members: