General Data Protection Regulation (GDPR) - Compliance

The GDPR is a new European Union (“EU”) privacy and data protection law which is concerned with the protection of personal information of individuals of the countries in the European Economic Area (“EAA”).

The GDPR applies to the way an organisation handles personal information in three situations:

  1. Where it has an “establishment” in the EAA;
  2. Where it offers goods or services in the EAA, whether free or otherwise.
  3. Where the behaviour of individuals is being “monitored” in the EAA.

The University’s activities (for example education, recruitment of international students and staff, student mobility, research, collaboration and engagement) require, or result in, the collection of personal information of EEA residents.

The purpose of completing this form is to identify areas where the University might be obligated to comply with the GDPR.

This information is being collected by the Privacy Working Group for information as part of the University’s GDPR Implementation Strategy development. The information will assist in identifying the relevant provisions of the GDPR that apply to University activities in the European Economic Area.  Any questions about completing this form should be directed to Jo Maguire, Privacy Officer at

Nominee details

(Please make your unit head aware of any areas of non compliance with the GDPR that are identified in this form.)
(You must use your Western Sydney University staff email address for your nomination to be valid)
Compliance with GDPR
(If yes, please specify the activities that have been delegated to OMC in the space provided below, or as an attachment.)
(if you have in excess of 500 characters, please attach your feedback as supporting documentation)
Additional Information
Please attach any additional information that you wish to include with your submission

If you have included your email address you will receive an automatically generated email confirming receipt of your submission.