The General Data Protection Regulation is a law that took effect May 25, 2018, in the European Union. The law protects EU citizens' privacy and increases the penalties for breaching people's online privacy. Iowa State University is both a controller and a processor of data from individuals in the EU. As such, the ISU community is required to comply with the GDPR. Failure to comply with the GDPR may result in large fines for ISU. For GDPR requirements and guidance, see the GDPR policy and the IT Security GDPR website.