Protecting customer data continues to be a top priority for EBSCO Information Services (EBSCO). Find out how EBSCO is preparing to be GDPR-compliant, and how we’re working with our international customers.
As a global company with customers in countries across the world, we continue to make protecting the personal data of our customers and employees a priority. In 2016, the European Union approved a new data privacy law called the General Data Protection Regulation (GDPR), which applies to all organizations that collect the personal data of EU citizens.
We know proper implementation involves cross-functional efforts across any organization, so we have assembled members from our product, information security, legal, compliance and information technology (IT) teams to drive this compliance initiative. This team is working with stakeholders in every impacted functional area to review all products, operations and vendors and ensure adequate compliance positions are achieved company-wide and system-wide. Further, we are also working with outside consultants and attorneys and leveraging third-party compliance tools and software to make sure that EBSCO is tracking toward the project deadline and that our efforts capture the necessary scope of compliance. Based on the work to date, we expect to be GDPR-compliant by the May 25, 2018, deadline.
How Is EBSCO Preparing for GDPR?
Our ongoing compliance review and actions build on our existing investments in privacy, security and operational processes necessary to meet the requirements of GDPR and other applicable regulations. As a data processor, EBSCO understands its obligation to help its customers get ready for GDPR. Some of the ways in which we currently provide customers with assurances regarding the usage of their personal data are:
Personal Data Practices: Each of our many diverse applications undertakes a different level of personal data collection, usage, storage and disposal. We have done a thorough review of the personal data collection practices for each of these applications, documented the various sources of data and are implementing automation measures that meet GDPR compliance.
Providing Visibility and Transparency: An important aspect of GDPR is how personal data is used. As a data processor, EBSCO’s key role is to provide our customers (the data controllers) and their end users with the access to effectively manage and protect their user data. EBSCO has developed automated measures that optimize our products without compromising on performance so that we can provide transparency to our customers.
Enhancing Data Integrity and Security: EBSCO takes our customers’ data privacy and security seriously. To that end, EBSCO maintains technical and organizational security practices and measures to protect the confidentiality, security, availability and integrity of our customer data. We're also streamlining processes by implementing IT policies and procedures that provide end-to-end security.
Portability and Transferability of Data: EBSCO believes every end user should have the ability to receive, erase or transfer all of their personal data. With that in mind, EBSCO is working on product enhancements that optimize these capabilities.
Privacy Shield: EBSCO participates in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks and is verified by an independent third party, TrustArc, Inc. These legal frameworks were designed to provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Our compliance with this voluntary framework reflects our commitment to maintaining the highest standards of privacy and data security when it comes to our customers’ data. To learn more about EBSCO’s commitment to data privacy, visit the TrustArc blog or find out more at www.privacyshield.gov.
Data Processing Agreements: We have used strong data processing agreements in the past and are revising them to meet the GDPR requirements.