How has EBSCO prepared?
Our ongoing compliance effort builds on our existing investments in privacy, security and operational processes necessary to meet the requirements of GDPR and other applicable regulations. As a data processor, EBSCO understands its obligation to help its customers comply with GDPR.
How We Provide Customer Assurance
Personal data practices
We have done a thorough review of the personal data collection practices for all our applications and documented the various sources of data. Automated measures have been implemented that meet GDPR compliance.
Providing visibility and transparency
Our role is to provide our customers and their end users with the access to effectively manage and protect their personal data. We’ve developed automated measures that provide transparency to our customers.
Enhancing data integrity and security
We maintain technical and organizational security practices and measures to protect the confidentiality, security, availability and integrity of our customer data.
Portability and transferability of data
Every end user should have the ability to receive, erase or transfer all of their personal data. With that in mind, we have implemented new features and are continuing to work on product enhancements that optimize these capabilities.
EBSCO is self-certified to the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks, as verified by an independent third party, TrustArc, Inc. Compliance with this voluntary framework reflects our commitment to maintaining the highest standards of privacy and data security when it comes to our customers’ data.
Data processing agreements
We have used strong data processing agreements in the past, and revisions have been made so these and future agreements meet the GDPR requirements.
EBSCO as a data processor
With respect to GDPR, customers of EBSCO Information Services's (EIS) products and services will act as the data controller for any personal data they provide to EIS in connection with their use of EIS’s products and services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. EIS serves as the data processor with respect to its customers, and processes personal data on behalf of the data controller when the data controller is using the products and services it purchased from EIS.