This site provides information and resources regarding Western Michigan University’s efforts to comply with the European Union's General Data Protection Regulation.

For WMU employees: If you collect personal data from individuals in European Union member states on behalf of the University, you must comply with the University's GDPR policy. If you collect personal data from individuals in EU member states for reasons other than admission or employment, please contact the University's Data Compliance Officer, Greg Lozeau, to ensure that such collection is in compliance with the GDPR.

For individuals located in or traveling to an EU member state: If you are currently physically located in an EU member state, it is important that you review the information below and WMU's GDPR policy to become aware of your privacy rights and the University's compliance efforts with regard to those rights.

In April 2016, the EU adopted new privacy regulations related to the collection of personal information. This regulatory framework—known as the General Data Protection Regulation—is effective May 25, 2018. The GDPR applies to any organization or entity that collects personal information from a natural person who is physically present in an EU member state, regardless of the location of the entity collecting the information. The regulation places transparency requirements and use restrictions on entities collecting information and gives individuals robust rights regarding the management of their information. These rights include the right to access, to rectify and to object to information collected, and even the "right to be forgotten" when personal information is no longer needed by the collecting entity. In addition, there are notification requirements in the event of a data breach.

It is important to note that the GDPR is a new compliance regulation issued from a foreign jurisdiction. How the EU member states will enforce this regulation is unknown. WMU will closely monitor enforcement activities, as well as any additional guidance issued by the EU. The University may then modify its compliance strategy based on this information.

If you have concerns regarding Western Michigan University’s compliance with the GDPR, please contact Greg Lozeau (GDPR Data Protection Officer) or Carrick Craig (General Counsel).

Additional information