GDPR Compliance & Privacy

Protecting the personal data of our customers and employees continues to be a priority. In 2016, the European Union approved a new data privacy law called the General Data Protection Regulation (GDPR), which applies to all organizations that collect the personal data of EU citizens.

How has EBSCO prepared?

Our ongoing compliance effort builds on our existing investments in privacy, security and operational processes necessary to meet the requirements of GDPR and other applicable regulations. As a data processor, EBSCO understands its obligation to help its customers comply with GDPR.

View our privacy policy

View our list of subprocessors

How We Provide Customer Assurance

  • Personal data practices

    We have done a thorough review of the personal data collection practices for all our applications and documented the various sources of data. Automated measures have been implemented that meet GDPR compliance.

  • Providing visibility and transparency

    Our role is to provide our customers and their end users with the access to effectively manage and protect their personal data. We’ve developed automated measures that provide transparency to our customers.

  • Enhancing data integrity and security

    We maintain technical and organizational security practices and measures to protect the confidentiality, security, availability and integrity of our customer data.

  • Portability and transferability of data

    Every end user should have the ability to receive, erase or transfer all of their personal data. With that in mind, we have implemented new features and are continuing to work on product enhancements that optimize these capabilities.

  • Privacy Shield

    EBSCO is self-certified to the EU-US Privacy Shield and Swiss-US Privacy Shield frameworks, as verified by an independent third party, TrustArc, Inc. Compliance with this voluntary framework reflects our commitment to maintaining the highest standards of privacy and data security when it comes to our customers’ data.

  • Data processing agreements

    We have used strong data processing agreements in the past, and revisions have been made so these and future agreements meet the GDPR requirements.

Learn more about EBSCO GDPR compliance.

Read the FAQ

Learn more about EIS Information Security Policy and Practices.

Read the white paper