"GDPR" stands for General Data Protection Regulation. The GDPR became effective on May 25, 2018.
If Princeton research personnel (including an independent contractor, enumerators, or a contract research organization) are physically in the EEA (see below list of countries) to perform the study procedures, GDPR applies to the study.
If Princeton research personnel (including an independent contractor, enumerators, or a contract research organization) are not physically in the EEA to perform the study procedures, (e.g., the study consists of online surveys, questionnaires, or interviews via Skype) the GDPR applies IF the following criteria are met:
The EEA consist of the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.
The subject does not need to be an EEA resident for the GDPR to apply.
If the subject is not physically located in the EEA, the GDPR does not apply.
Yes. As part of the consent process, you must provide the GDPR Notice to subjects. The Notice is distinct from the consent form.