Monash University and General Data Protection Regulation (GDPR)

Monash University values the privacy of every individual’s personal and health information and is committed to the protection of that information from unauthorised use and disclosure except where permitted by law.

Monash University is subject to and ensures that personal and health information it holds or has access to is handled in accordance with Australian legislation, specifically the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic). Commencing 25 May 2018, Monash University will also become subject to the European Union’s General Data Protection Regulation (GDPR). The GDPR replaces existing European data protection legislation and seeks to further protect individuals’ rights to privacy in light of rapid advances in technology.

Monash University’s adoption of the GDPR

As a Group of Eight University and a leading global teaching and research institution, Monash University’s reach extends beyond Australia.

There are a number of areas of Monash University’s operations that will come within the reach of the GDPR. This includes Monash University’s Italian campus in Prato, programs to attract European students to Monash University, research conducted with European participants or the way we keep in touch with our alumni across the globe. We also appreciate that our European partners will often want to impose GDPR compliant clauses in the agreements we reach with them, to enable them to meet the GDPR requirements.

Monash University sees the introduction of the GDPR as the setting of a global standard for governing privacy and as an institution with that global reach, raising the bar to that standard is our intent. The University’s focus is to:

  • implement measures to comply in those areas of the University where the GDPR applies; and
  • ultimately, seek to implement the principles behind the GDPR into Monash University’s privacy framework and subject to some local nuances, shifting the University’s approach to be consistent with that of the GDPR.

Who to contact?

You may contact the Data Protection Officer at

For information on how personal, sensitive and health information is managed by the University where the GDPR applies, please refer to the Data Protection and Privacy Procedure and Data Protection and Privacy Collection Statements.

For staff, please refer to this page for further information.