green plant in front of a peach background [View Image]

Research Data Privacy

The Research Data Privacy Program provides research data privacy support for VCU’s Office of Research and Innovation. The University has an official privacy statement, that outlines basic guidelines for privacy at VCU. This webpage provides additional guidance and contains general information for compliance with the European Union privacy law known as the General Data Protection Regulation (GDPR).


What is the GDPR?

The GDPR establishes rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. It also protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

If you are collecting data about a natural person in the European Economic Area (the E.U. plus Iceland, Liechtenstein and Norway) please contact VCU’s Research Privacy Officer. 


GDPR Flowchart

Flowchart: "Does GDPR Apply to My Research Data?"



This page contains a hyperlinked version of the GDPR Text.

Types of Data Covered Under GDPR

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation


Research Privacy Forms

If you think GDPR may apply to your research, please complete the GDPR Survey



Quinton Johnson

Director, Export Compliance Program
Research Privacy Officer


View graphic version