Select Page

GDPR for Researchers



Starting May 25, 2018 (compliance deadline) the European Economic Area (EEA) begins enforcing a new set of regulations designed to protect the data security and the privacy of its Residents.
It will include all 28 member states of the EU and the three additional countries (Iceland, Liechtenstein, and Norway) that also are members of the European Economic Area (EEA). The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.


Personal Data

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymized but can be used to re-identify a person remains personal data and falls within the scope of the law.

For personal data that has been rendered anonymous, it must be done in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymized, the anonymization must be irreversible.



Data Matters: An Introduction to GDPR (13 min)



Regulation (EU) 2016/679 of the European Parliament and of the Council


Learn More