To help libraries consider what they need to do in response to the GDPR, the Association of Research Libraries (ARL) has published an issue brief on the topic by Anne T. Gilliland, scholarly communications officer for University Libraries at The University of North Carolina at Chapel Hill.
In the issue brief, Gilliland notes:
The GDPR’s scope is broad in almost every way, and it aims to cover the handling of personal data as it occurs in the full range of commercial and professional activities as they pertain to EU citizens and residents.…The law’s goals include full accountability, consistency, and transparency from the organizations that collect and use personal data, and complete understanding and meaningful consent from the subjects whose data is being used.…Because of their various ties to Europe and EU citizens, such as exchange programs, study abroad opportunities, visiting scholars, and satellite campuses in other countries, universities and research libraries are among the organizations that now must come to terms with the GDPR’s requirements.
Gilliland discusses some of the implications the GDPR will have for libraries, such as changing methods of collecting, managing, and transferring personal data; providing privacy training for staff; and becoming liable for privacy breaches. Gilliland concludes that, although changing practices will take effort and resources, “libraries, as privacy champions, should welcome the GDPR’s requirements.”
Direct to Full Text (8 pages; PDF)