The European Union (EU) General Data Protection Regulation (GDPR) takes effect on May 25, 2018. It is "designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy."
The GDPR applies to all individuals, organizations, and institutions that collect personal data from individuals residing in the EU. It does not generally apply to individually identifiable data collected from an EU citizen while in the United States.
If you plan to conduct research involving the collection of personal data about individuals (regardless of the individuals' citizenship status) located in any of the countries of the EU (as well as Iceland, Norway, and Liechtenstein), you will have to comply with the GDPR.
Visit HRPO's website under the A-Z Guidance, GDPR for additional information about this new regulation and how it might affect your research.