Explore UAB

PCI CC Purchase2

Countries worldwide have implemented or are considering legislation that provides privacy and security rights to data subjects and penalties if data controllers and processors do not fulfill those rights.  These rights pertain to when and how personal data can be collected, processed, used, disclosed, retained, and disposed.  Data protection authorities in those countries can take legal action if those rights are not granted. Additionally, some laws allow individuals to take legal recourse.  The most notable example is codified in the European Union’s (EU) General Data Protection Regulation (GDPR), which broadly applies to organizations that process data about people who reside in the European Union or data about living individuals when transferred from the EU. 


The mission of the Data Protection Review (DPR) Committee is to assess and advise on how UAB should protect the privacy rights of individuals and manage the overall and specific UAB compliance risks related to international regulations.
The Committee will make recommendations to UAB leadership regarding policies, rules, and procedures that may need to be created or modified to protect individual privacy rights and minimize UAB’s risk. 
For identified research agreements, contracts, and other applicable data collection, processing, and storage scenarios, the Committee will assess and make recommendations to departments, the appropriate management structure, and UAB oversight functions to protect individual privacy rights and minimize UAB’s risk.


The DPR Committee is established by the authority of UAB’s Vice President for Information Technology and Chief Information Officer. The DPR Committee will monitor, review, discuss, and make recommendations pertaining to UAB’s compliance with international privacy and data protection regulations.

Requesting Committee Assistance

If you have any international privacy questions or want the Committee to review a use case, please send an email to This email address is being protected from spambots. You need JavaScript enabled to view it..
The Committee's review process may require the completion of a Data Protection Impact Assessment (DPIA) document, which can be determined by consulting the flowchart provided below. If a DPIA is deemed necessary, you can access the document via the link provided below the flowchart.

 DPIA decision workflow v2

Click image to enlarge
View the PDF

Related Documents

Data Protection Impact Assessment