If your U-M unit collects and uses personal data, use this toolkit to assess your processes and address General Data Protection Regulation (GDPR) requirements. This toolkit is part of GDPR Compliance at U-M.
First, Determine if GDPR Applies
Answer four questions to help you determine whether the GDPR applies to your data. See Assessment: Does GDPR Apply?
If you believe the GDPR applies to the data you are collecting and processing, please provide additional information to the university's Data Protection Officer (DPO) by completing the GDPR Data Survey (U-M Google Form; U-M login required).
Privacy Statements, Notices, and Templates
The University of Michigan recognizes and values the privacy of the university community members and its guests. Our privacy statement and notice reflect our commitment to privacy and comply with the GDPR.
- U-M Privacy Statement (a general statement on how the university protects privacy)
- U-M Website Privacy Notice (a version of the statement that is specific to the umich.edu website)
U-M units and departments are encouraged to clearly disclose the collection and processing of personal information in a timely manner using these tools:
General Consent Language
We have worked with the Institutional Review Board for Health Sciences and Behavioral Sciences (IRBHSBS) to provide GDPR-compliant consent language as appropriate. We are actively working to update the clinical trial consent language as well. Please work with your IRB to obtain the latest version, as applicable and as necessary.
If you need specific consent language for a non-IRB-related website, form, or other project, contact us at firstname.lastname@example.org, and we will help you craft GDPR-compliant language.
Standard GDPR addenda are available for you to include in U-M contracts as needed. Work with Procurement Services to ensure your contracts address GDPR requirements where appropriate.
If you have questions or need help with the GDPR Toolkit, send email to email@example.com.