What does EU-GDPR (or GDPR) stand for?
European Union – General Data Protection Regulation
What is GDPR?
The General Data Protection Regulation (GDPR, also referred to as ‘the regulation’) is a legal framework that sets guidelines for the collection and processing of personal information of individuals whose self-selected primary residence is within the European Union (EU).
When did regulation go into effect?
The Regulation went into effect on the 25th May 2018
What kind of information does the regulation apply to?
The GDPR defines personal data in Article 4 as: “… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity…”
What companies does the regulation apply to?
Any organization which processes and holds the personal data of data subjects (Individuals) with self-selected primary residence in the EU will be obliged to abide by the regulations set out by GDPR. This applies to every organization, regardless of whether they themselves reside in one of the EU Countries.
Are all types of personal data classified the same in the regulation?
GDPR identifies a special class of sensitive personal data, which includes things such as genetic, biometric, religious or philosophical beliefs, sexual preferences or details, health, and Ethnic information.
Is there an exception for Associations like the ALA?
The regulation in Article 4(18) specifically includes associations.
How many ALA members are in the EU?
As of 6/13/2018 there were 147 identifiable members in the EU or 3 tenths of a percent of ALA’s members. Additionally, ALA collects personal data on non-members.
What is the ALA doing?
Based on legal counsels advice we have updated ALA’s Privacy Policy on the website and have created a Personal Data Notification statement that is being added to forms. ALA is forming a staff steering committee that will be working on the following:
More information on the staff steering committee and its work will be shared with staff when it is available.
What about information specifically on GDPR for libraries/librarians?
https://americanlibrariesmagazine.org/blogs/the-scoop/future-data-privacy/
https://www.oif.ala.org/oif/?p=12363
https://acrl.ala.org/techconnect/post/introducing-our-new-best-friend-gdpr/
Where should I go for more additional information?
Who should I ask ALA questions about GDPR to?
Questions about GDPR should be directed to Brian K. Willard