|Track||Date and time||Hall||Duration|
|Tuesday, 07. May 2019., 10:00||30’|
In the recent years, the legal framework of data protection in the European Union has been substantially modified and expanded. This development has had a profound impact on the functioning of libraries. What was usually described in general terms regarding the principles of processing and the need to protect privacy of library users and other data subjects needs to be concretised in privacy notices and policies of libraries in the EU.
The General Data Protection Regulation has explicitly defined data subject rights and data controller obligations, especially concerning maintaining safe and secure processing environment and data exchange. GDPR is the cornerstone of the new legal framework, however additional regulation is being developed to tackle the challenges of specific industries, communication and safety of processing personal data. In order to be compliant with the new Regulation, libraries in Europe have undertaken various demanding steps and activities in relation with the complexity and volume of their data processing.
The purpose of this presentation is to explore impact of GDPR on library management and to point out some of the implications for libraries as data controllers. Data protection officers and privacy teams within institutions such as libraries have a central role in discovering and evaluating use of personal data in library information systems. Position of library information system vendors and developers, usually recognized as data processors and third parties, especially in the case of export of data into countries outside the EU, is an important concern.