Version: 2.1 OGC Approved

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new, European-wide law on data protection and privacy for all EU citizens and residents. The GDPR replaced the previous 1995 Data Protection Directive (DPA) and expanded significantly the protection of personal data and established rules for collecting, processing, and transferring personal data of those subject to the regulation. The GDPR came into effect on 25 May 2018.

What is the impact of the GDPR on Notre Dame?

The University is similar to many US-based universities that offer programs for their students to travel and study abroad, while welcoming international students to study and connect with the US academic community. Because we maintain locations within the European Union and offer educational and academic services to students located in the EU, the University may in certain circumstances be subject to GDPR.

What should I do if my department receives an inquiry related to GDPR?

When receiving a GDPR related inquiry, the departmental GDPR contact person should refer the inquiry to the central administration by completing an inquiry form in ServiceNow (General Data Protection Regulation Inquiry) and providing the relevant details. University central administration will coordinate and help the departments with responding to the inquiry.

Who should I contact if I have questions about GDPR?

Please direct all questions or queries related to the GDPR to the Office of Information Security and Compliance at infosec@nd.edu.

What about inquiries related to data privacy from jurisdictions other than the EU?

The University is certainly subject to US data privacy and security laws, and may be subject to data privacy obligations in other jurisdictions in which the University operates. If you should receive a request or demand related to someone’s personal information, contact the Office of Information Security and Compliance or the Office of General of Counsel (gencoun@nd.edu).