SirsiDynix Marketing GDPR Notice

The General Data Protection Regulation (GDPR) is European Legislation that will begin to be enforced in May of 2018. Its purpose is to strengthen the rights of data subjects within the European Union (EU) and better track how their personal data is being used. The GDPR applies to any organization inside or outside the EU who is marketing goods or services, or tracking the behaviors of data subjects within the EU.

The GDPR is structured around six key principles as described in the legislation:

  1. Transparency on how the data will be used and what it will be used for.
  2. Being sure that the data collected is used only for the purposes specified at the time of collection.
  3. Limiting collection to what is necessary for the purpose that it was collected.
  4. Ensuring the data is accurate.
  5. Storing the data for only the time that it is needed for its intended purpose.
  6. Preventing unauthorized use or accidental loss of the data through taking appropriate security measures.

SirsiDynix will be complying with the standards set by the GDPR. Below is a table listing key tasks SirsiDynix is working towards for GDPR compliance.

GDPR Requirement
Commission an external audit with an appropriate consultancy company on the action needed to become GDPR compliant
Alter incident response policies and procedures to comply with GDPR timelines and required notifications
Document all user data flows and ensure these are compliant with the principles of GDPR
Rewrite the SirsiDynix privacy policy and change customer contracts as required to comply with the law
Adjust agreements with third-party providers to require those entities to operate in compliance with GDPR
Build GDPR awareness and compliance education into employee training
Implement any necessary changes to Software as a Service (SaaS) services
Announce the mechanisms by which SirsiDynix will provide help with customer patrons’ data requests under the law
Add active consent and cookie notices to forms by which European Union citizen data will be collected, as required by GDPR
Adjust the company’s records retention policies

SirsiDynix has complied with the standards set by the GDPR.