Toolkit: General Data Protection Regulation (GDPR)

If your U-M unit collects and uses personal data, use this toolkit to assess your processes and address General Data Protection Regulation (GDPR) requirements. This toolkit is part of GDPR Compliance at U-M.

First, Determine if GDPR Applies

Answer four questions to help you determine whether the GDPR applies to your data. See Assessment: Does GDPR Apply?

If It Does, Submit U-M GDPR Data Survey

If you believe the GDPR applies to the data you are collecting and processing, please provide additional information to the university's Data Protection Officer (DPO) by completing the GDPR Data Survey (U-M Google Form; U-M login required).

Privacy Statements, Notices, and Templates

The University of Michigan recognizes and values the privacy of members of the university community and its guests. Our privacy statement and notice reflect our commitment to privacy and comply with the GDPR.

U-M units and departments are encouraged to clearly disclose the collection and processing of personal information in a timely manner using these tools:

General Consent Language

We have worked with the Institutional Review Board for Health Sciences and Behavioral Sciences (IRBHSBS) to provide GDPR-compliant consent language as appropriate. We are actively working to update the clinical trial consent language as well. Please work with your IRB to obtain the latest version, as applicable and as necessary.

If you need specific consent language for a non-IRB-related website, form, or other project, contact us at, and we will help you craft GDPR-compliant language.

Contract Addenda

Standard GDPR addenda are available for you to include in U-M contracts as needed. Work with Procurement Services to ensure your contracts address GDPR requirements where appropriate.

Contact Us

If you have questions or need help with the GDPR Toolkit, send email to