GDPR Compliance & Privacy

Protecting the personal data of our customers and employees continues to be a priority. In 2016, the European Union approved a new data privacy law called the General Data Protection Regulation (GDPR), which applies to all organizations that collect the personal data of EU citizens.

How has EBSCO prepared?

Our ongoing compliance effort builds on our existing investments in privacy, security and operational processes necessary to meet the requirements of GDPR and other applicable regulations. As a data processor, EBSCO understands its obligation to help its customers comply with GDPR.

View our privacy policy

How We Provide Customer Assurance

  • Personal data practices

    We have done a thorough review of the personal data collection practices for all our applications and documented the various sources of data. Automated measures have been implemented that meet GDPR compliance.

  • Providing visibility and transparency

    Our role is to provide our customers and their end users with the access to effectively manage and protect their personal data. We’ve developed automated measures that provide transparency to our customers.

  • Enhancing data integrity and security

    We maintain technical and organizational security practices and measures to protect the confidentiality, security, availability and integrity of our customer data.

  • Portability and transferability of data

    Every end user should have the ability to receive, erase or transfer all of their personal data. With that in mind, we have implemented new features and are continuing to work on product enhancements that optimize these capabilities.

  • Privacy Shield

    EBSCO is self-certified to the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks, as verified by an independent third party, TrustArc, Inc. Compliance with this voluntary framework reflects our commitment to maintaining the highest standards of privacy and data security when it comes to our customers’ data.

  • Data processing agreements

    We have used strong data processing agreements in the past, and revisions have been made so these and future agreements meet the GDPR requirements.

EBSCO as a data processor

With respect to GDPR, customers of EBSCO Information Services's (EIS) products and services will act as the data controller for any personal data they provide to EIS in connection with their use of EIS’s products and services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. EIS serves as the data processor with respect to its customers, and processes personal data on behalf of the data controller when the data controller is using the products and services it purchased from EIS.

Want to learn more about EBSCO GDPR compliance?

Read the FAQ

Recommended Reading

Data Privacy and Security Questions Answered with Scott Macdonald

Blog

Data Privacy and Security Questions Answered with Scott Macdonald