Records Management and Privacy Office

Records Management and Privacy Office

site header

General Data Protection Regulation

The following statement is intended to be a brief overview of the General Data Protection Regulation EU 2016/679 (GDPR).  It should not be held as a substitute for legal advice or a description of all the requirements for compliance with the GDPR.  Members of the University community with specific questions about the Regulation are encouraged to contact their FIPPA Contact of the Chief Privacy Officer.

The focus of the GDPR is the collection and use of personal information of persons residing within the European Union (EU) and it represents an overall expansion of these individual's privacy rights.  The GDPR applies only to the processing of personal information when: (1) the establishment performing the processing is within the EU; (2) an establishment not within the EU is offering goods or services to data subjects in the EU; or (3) an establishment not within the EU is monitoring the behaviour of persons within the EU.  

For questions about the collection and processing of personal information under the GDPR, contact your FIPPA Contact or the Chief Privacy Officer.  This overview is current as of July 2018.