The University of Iowa

GDPR Notice

Notice to Students from the UI Home Campus on Study Abroad Regarding Protection of Personal Data in Accordance with the EU GDPR

The University of Iowa (University) provides this notice to students from the University of Iowa on Study Abroad Programs in the European Union, about personal data subject to the European Union General Data Protection Regulation (EU GDPR). Such personal data (EU Data) includes data that you or others have provided or will provide to the University about you while you reside in the EU.

  1. All EU Data is needed for the planning and organization of your academic and extracurricular programs through the University, and to provide related services to you. The University will process EU Data in accordance with the EU GDPR; University policies, including the University’s Policy on Compliance with the EU GDPR,; and with the principles of fairness, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality, and accountability.

  2. All EU Data you have provided to the University as well as to any entity from which EU Data are collected, and all the EU Data provided in order to facilitate the planning and organization of the University’s Study Abroad Program that you are attending, will be processed exclusively for the University’s institutional purposes related to your Study Abroad Program. These purposes include but are not limited to the fulfillment of obligations established by applicable laws and regulations, including the EU GDPR, and the execution of contractual obligations regarding your enrollment at the University and/or your participation in Study Abroad Programs.

  3. Submission and processing of EU Data is necessary to achieve the purposes described above.

  4. Without the EU Data, the University would be unable to manage and administer the student programs necessary to accomplish its contractual obligations, as well as the obligations imposed by applicable laws and regulations.

  5. All EU Data, including sensitive data, will be collected and processed in compliance with the provisions of the EU GDPR and by adopting the appropriate data protection measures and securing strictly monitored access.

  6. Data processing will take place, according to the aforementioned criteria, only within those University offices and by those persons that are responsible for the activities involved. 

  7. EU Data may be communicated to public or private subjects if necessary to fulfill obligations imposed by applicable laws and regulations.

  8. Because the University determines the purpose of EU Data processing, it is considered the Data Controller under the EU GDPR. The University’s Data Protection Officer is its Chief Information Security Officer, and may be contacted as follows:

Phone: (319) 335-6332 

  1. The full text of the EU GDPR is accessible at:

  2. Articles 15-22 of the EU GDPR accord rights on you in certain cases, as the owner of EU Data. Where applicable, these are the right of access, right to rectification, right to erasure or “to be forgotten,” right to restriction of processing, right to data portability, and right to object. These rights may not be available to you in certain situations for a variety of legal reasons including the requirements of various federal and/or state laws. Articles 77-84 of the EU GDPR describe your rights and remedies where applicable in the event of breach of your personal privacy.