University libraries are the institutions that have responsibilities in meeting the information needs of the user groups they serve. As is in other library types, the user records created in university libraries can consist of personal data that can identify the individuals and these data can be linked with individuals' information-seeking behaviors. At this point, the protection of personal data in university libraries from unauthorized access and use is a necessity for these libraries. This study aims to describe the practices carried out in university libraries related to the protection of personal data. According to determined aim, practices about the management of personal data in 15 university libraries in Ankara are analyzed by interviews conducted with library directors. The results have revealed that the personal data recorded in the libraries shows the variety and the user consent for personal data collection and processing is not obtained in almost half of the analyzed libraries. In conclusion, it is detected that there are deficiencies in analyzed universities in terms of collecting, recording, classifying, keeping, and storing personal data, and obtaining consent from the users for collecting and processing their personal data.