The European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It is "designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy."
The GDPR applies to all individuals, organizations, and institutions that collect personal data from individuals residing in the European Economic Area (EEA). It does not generally apply to individually identifiable data collected from a citizen of an EEA member country while in the United States.
If you plan to conduct research involving the collection of personal data about individuals (regardless of the individuals' citizenship status) located in any of the countries of the EEA (which includes Iceland, Norway, and Liechtenstein), you will have to comply with the GDPR.
For more information about the GDPR and how these regulations might affect your research, please visit our GDPR guidance website.
(This guidance was adapted with permission from the University of Pittsburgh "European Union General Data Protection Regulation (GDPR)" webpage.)