When receiving personal data from a provider in the European Economic Area (EEA), Harvard is required to follow requirements of the General Data Protection Regulation (GDPR). Due to a recent EU court decision, the terms governing personal data transferred from EER to the U.S. will soon become stricter, which will require additional compliance efforts. To meet its obligations under GDPR, the University has developed GDPR DUA Supplemental Guidance to reference when requesting personal data. The Guidance describes new data points that must be included in relevant DUA-Agreements Application submission in order for the Negotiating Office to be able to sign the associated DUA. The University is piloting this new resource and, effective immediately, researchers are asked to use the GDPR DUA Supplemental Guidance and include the required data points in the DUA-Agreements record. Contact Rachel Talentino, OVPR, with policy questions. Questions about a specific agreement should be directed to your rep on the ORA Grants & Contracts Team.