We've been increasingly asked about the GDPR (General Data Protection Regulation), coming into force in May, and how we are preparing for this. For those unaware, the GDPR is the new European law that will regulate the use and protection of data relating to an identified or identifiable individual (i.e. personal data). Many of the GDPR’s main concepts and principles are similar to those under existing European law, although there are new elements and significant enhancements.
What are we doing to prepare for GDPR?
At Dimensions, we’ve been working hard to ensure that we’ll be fully compliant with the GDPR when it comes into effect, having carried out a detailed data mapping exercise across our business, ensuring data protection by design and updating our policies and procedures. We’re also reviewing all our vendors (like AWS), finding out about their GDPR plans and making sure they have all their ducks in a row.
Dimensions data and the GDPR
User accounts and the GDPR
If you register to use Dimensions, we require certain limited information about you to set-up an account. The Dimensions product team is currently developing functionality to ensure users can delete this information by a simple button within the account settings area - this will result in the deletion of your registration details and other information that may be linked to your account.
Our contracts with institutional customers
Where we process personal data on an institution’s behalf, our contract will likely need to be updated to meet the new requirements of the GDPR. We have developed a GDPR contract addendum for this purpose, which is intended to replace the existing data protection provisions in our customer contracts when the GDPR comes into effect. Please contact firstname.lastname@example.org and we will provide a copy, which will need to be signed and returned.
If you need any more information, please feel free to contact us at email@example.com.