SirsiDynix Marketing GDPR Notice
The General Data Protection Regulation (GDPR) is European Legislation that will begin to be enforced in May of 2018. Its purpose is to strengthen the rights of data subjects within the European Union (EU) and better track how their personal data is being used. The GDPR applies to any organization inside or outside the EU who is marketing goods or services, or tracking the behaviors of data subjects within the EU.
The GDPR is structured around six key principles as described in the legislation:
- Transparency on how the data will be used and what it will be used for.
- Being sure that the data collected is used only for the purposes specified at the time of collection.
- Limiting collection to what is necessary for the purpose that it was collected.
- Ensuring the data is accurate.
- Storing the data for only the time that it is needed for its intended purpose.
- Preventing unauthorized use or accidental loss of the data through taking appropriate security measures.
SirsiDynix will be complying with the standards set by the GDPR. Below is a table listing key tasks SirsiDynix is working towards for GDPR compliance.
|Commission an external audit with an appropriate consultancy company on the action needed to become GDPR compliant|
|Alter incident response policies and procedures to comply with GDPR timelines and required notifications|
|Document all user data flows and ensure these are compliant with the principles of GDPR|
|Adjust agreements with third-party providers to require those entities to operate in compliance with GDPR|
|Build GDPR awareness and compliance education into employee training|
|Implement any necessary changes to Software as a Service (SaaS) services|
|Announce the mechanisms by which SirsiDynix will provide help with customer patrons’ data requests under the law|
|Add active consent and cookie notices to forms by which European Union citizen data will be collected, as required by GDPR|
|Adjust the company’s records retention policies|
SirsiDynix has complied with the standards set by the GDPR.