EU GENERAL DATA PROTECTION REGULATION (GDPR)

The EU General Data Protection Regulation (GDPR) replaced existing EU privacy laws and expands personal privacy rights for residents and non-EU residents located in the European Economic Area (EEA), which includes the EU, Iceland, Liechtenstein, and Norway. It applies not only to EU institutions, but also to institutions with no physical presence in the EU (e.g., a Mass General Brigham hospital) if that institution works with what the regulation defines as "Personal Data."

There are correlations between HIPAA and GDPR, but the GDPR is broader, extending to areas and information not covered by HIPAA.

Under GDPR, Personal Data refers to any information that relates to an identified or identifiable natural person. Examples include name, email address, government-issued identification, etc.

PIs and their staff with existing or future international collaborations or data sharing should review the GDPR Training Program. It takes approximately 20 minutes and includes definitions of key terms and some basic scenarios.
