The General Data Protection Regulation (GDPR) was approved by the European Union (EU) in April 2016. It comes into force on May 25, 2018. GDPR requires that covered organizations put significant processes and safeguards into place regarding the collection, use, and processing of personal data of data subjects located in the EU. One of the first steps in understanding an organization's responsibilities under GDPR is to understand where the organization collects, uses, and processes data from EU data subjects. This data inventory template, shared by Chapman University, can help institutions with creating their own data inventory.