General Data Protection Regulation (GDPR)

If your University of Maryland unit collects and uses personal data, you can use this toolkit to assess your processes and address General Data Protection Regulation requirements. This toolkit is part of the GDPR Overview.

Does GDPR apply to your data?

Answer these questions to help you determine whether the GDPR applies to the data you collect and use.

  1. Is the data about individuals physically in the European Union at the time of collection? (yes or no)
  2. Does the data include personal information (for example, national identification number, date of birth, address, photos, cookie IDs, exam info, and so on) or sensitive personal information (for example, racial or ethnic origin, religion, medical info, sexual orientation)? (yes or no)
    • If you answered yes to both Questions 1 and 2, GDPR likely applies. Continue to Question 3.
  3. Is the data related to offering goods or services to data subjects in the EU? (yes or no)
  4. Is the data being used to monitor the behavior of individuals physically located in the EU? (yes or no)
    • If you answered yes to either question 3 or 4, GDPR likely applies

If you believe the GDPR applies to the data you are collecting and processing, please provide additional information to the university's Data Privacy Committee by requesting the GDPR risk assessment form.

Privacy statements, notices, and templates

UMD recognizes and values the privacy of the university community members and its guests. Our privacy statement and notice reflect our commitment to privacy and comply with the GDPR.

UMD units and departments are encouraged to clearly disclose the collection and processing of personal information in a timely manner using these tools:

Contract addenda

Standard GDPR addenda are available for you to include in UMD contracts as needed. Please ensure your contracts address GDPR requirements where appropriate.

If you have questions or need assistance, contact us at