SlideShare a Scribd company logo
1 of 14
General Data Protection
Regulation (GDPR) and library
authority data
Ricardo Santos
National Library of Spain
Prepared for:
VIAF Council meeting
24th August 2018, Kuala Lumpur
GDPR Facts
Supersedes the Data Protection Directive 95/46/EC
Adopted in April 2016, enforced in 25 May 2018. It has 98 articles and 173 whereas clauses.
It’s a regulation, so it’s directly binding and applicable in Member States.
Extra-territorial applicability: it applies to all companies processing the personal data of
individual residing in the Union, regardless of the company’s location or where the data is
processed .
United Kingdom passed the Data Protection Act 2018, with equivalent regulations and
protections
2
Goals
Strengthen citizens' fundamental rights in the digital age. Give control to
citizens over their personal data
Harmonize and simplify the rules throughout the European states
3
“
Personal data is any
information that relates to an
identified or identifiable
individual. (art. 4)
This Regulation does not apply to the personal
data of deceased persons. (whereas clause 27)
4
“
Processing means any operation on
personal data, such as collection,
recording, organization, structuring,
storage, retrieval, consultation, use,
disclosure by transmission,
dissemination or otherwise making
available… (art. 4)
5
GDPR for organizations
- Legal basis for processing (art. 6) (Can we process data?):
- Consent (explicit, clear and unambiguous)
- Legal obligation (legal deposit?)
- Public interest
- Organisation’s legitimate interest
6
- Processing of data must be (art. 5):
- According to, and only the data necessary, the stated specific
purposes.
- Stored no longer than necessary.
- Accurate and up-to-date.
GDPR for public administration
- Personal data usually processed on the basis of a legal obligation or
public interest.
- A Data Protection Officer is mandatory.
- Individuals may contact a public administration to exercise their rights
under the GDPR.
- Individuals have a right to object to the processing of personal data by
the public administration on grounds of public interest.
7
GDPR for citizens (Chapter III)
Citizens have the right to:
- demand information about the processing
- access the data
- asking for corrections of inaccurate data
- data erasure (formerly known as right to be forgotten)
- object to the processing of data
- receive personal data in a machine-readable format and send it to
another controller.
- request that decisions based on automated processing are made
by natural persons.
8
Exceptions
& Limits
Consent can be skipped if there is legal obligation or
public interest for collecting data
Data erasure or others are limited by:
Freedom of expression safeguards.
Archival exemptions (provided the institution has
the legal obligation to preserve).
Scientific or historical research.
Those limits are not automatic. Member states should
introduce them or not.
9
BIG QUESTIONS REMAINS
Considerations of authority data:
• Is it “personal data”? Could there be other
“sensitive data”?
• What’s the legal framework for an authority file?
• Can the “public interest” or “legal obligation” be
invoked to skip consent?
• Can we deny “right to be forgotten” on those
grounds?
• Can we freely distribute authority data (to VIAF,
for instance)?
10
Claimings accepted 
Data correction.
Hide pseudonymous relationships
Hide dates
BNE experiences
Claimings rejected 
Deletion of resources
Deletion of authority record
11
VIAF is an aggregator of sources.
- Who has the responsability for data?
VIAF is a “third party”:
- Should reflect data policy of member institutions?
Case 1: an institution acknowledge an individual data rights. Should this extend to
VIAF or other libraries?
- Should VIAF policy influence data policy of member institutions?
Case 2: VIAF grants an individual data rights. Should this extend to libraries?
Some issues with VIAF
12
GDPR: legal text
European Union official webpage
IFLA leaflet on GDRP
More info
13
14
Thanks!
Ricardo Santos
National Library of Spain
ricardo.santos@bne.es
Images : Biblioteca Digital Hispánica
Template and fonds: SlidesCarnival

More Related Content

What's hot

Turkish Data Protection Act : Is it a reflection of GDPR?
Turkish Data Protection Act : Is it a reflection of GDPR?Turkish Data Protection Act : Is it a reflection of GDPR?
Turkish Data Protection Act : Is it a reflection of GDPR?
TrustArc
 

What's hot (18)

Box 11
Box 11Box 11
Box 11
 
Turkish Data Protection Act : Is it a reflection of GDPR?
Turkish Data Protection Act : Is it a reflection of GDPR?Turkish Data Protection Act : Is it a reflection of GDPR?
Turkish Data Protection Act : Is it a reflection of GDPR?
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
Box 9
Box 9Box 9
Box 9
 
Box 10
Box 10Box 10
Box 10
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
 
The Policy Framework: GDPR and all that
The Policy Framework: GDPR and all thatThe Policy Framework: GDPR and all that
The Policy Framework: GDPR and all that
 
Box 13
Box 13Box 13
Box 13
 
Privacy, Social Network Sites and the law
Privacy, Social Network Sites and the lawPrivacy, Social Network Sites and the law
Privacy, Social Network Sites and the law
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORI
 
SPECIAL ESWC project networking
SPECIAL ESWC project networkingSPECIAL ESWC project networking
SPECIAL ESWC project networking
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
 
General data protection regulation
General data protection regulationGeneral data protection regulation
General data protection regulation
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
The Dutch Lesson (the SyRI Case)
The Dutch Lesson (the SyRI Case)The Dutch Lesson (the SyRI Case)
The Dutch Lesson (the SyRI Case)
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
 

Similar to VIAF GDPR

Similar to VIAF GDPR (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
 
EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?
 
GDPR and Research Data Management
GDPR and Research Data ManagementGDPR and Research Data Management
GDPR and Research Data Management
 
20200429_Research Data & the GDPR: How Open is Open? (updated version)
20200429_Research Data & the GDPR: How Open is Open? (updated version)20200429_Research Data & the GDPR: How Open is Open? (updated version)
20200429_Research Data & the GDPR: How Open is Open? (updated version)
 
Engage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To GoEngage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To Go
 
Legal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research dataLegal and ethical considerations for sharing research data
Legal and ethical considerations for sharing research data
 
20200504_Research Data & the GDPR: How Open is Open?
20200504_Research Data & the GDPR: How Open is Open?20200504_Research Data & the GDPR: How Open is Open?
20200504_Research Data & the GDPR: How Open is Open?
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
 
Impact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and ProcessingImpact of GDPR on Data Collection and Processing
Impact of GDPR on Data Collection and Processing
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, Manchester
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 
DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, London
 
GDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, NottinghamGDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, Nottingham
 
2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final
 

More from Biblioteca Nacional de España

More from Biblioteca Nacional de España (20)

La colección de relaciones de sucesos en la Biblioteca Nacional de España
La colección de relaciones de sucesos en la Biblioteca Nacional de EspañaLa colección de relaciones de sucesos en la Biblioteca Nacional de España
La colección de relaciones de sucesos en la Biblioteca Nacional de España
 
Identidad común: las fuentes del patrimonio bibliográfico. Ana Santos Aramburo
Identidad común: las fuentes del patrimonio bibliográfico. Ana Santos AramburoIdentidad común: las fuentes del patrimonio bibliográfico. Ana Santos Aramburo
Identidad común: las fuentes del patrimonio bibliográfico. Ana Santos Aramburo
 
La Biblioteca Nacional de España como centro de apoyo a la investigación. Ana...
La Biblioteca Nacional de España como centro de apoyo a la investigación. Ana...La Biblioteca Nacional de España como centro de apoyo a la investigación. Ana...
La Biblioteca Nacional de España como centro de apoyo a la investigación. Ana...
 
Data privacy in library authority files: a survey
Data privacy in library authority files: a surveyData privacy in library authority files: a survey
Data privacy in library authority files: a survey
 
Perfil de RDA de la BNE. Resumen de cambios
Perfil de RDA de la BNE. Resumen de cambiosPerfil de RDA de la BNE. Resumen de cambios
Perfil de RDA de la BNE. Resumen de cambios
 
RDA. Autoridades. Fundamentos. Identificación de entidades. Relaciones
RDA. Autoridades. Fundamentos. Identificación de entidades. RelacionesRDA. Autoridades. Fundamentos. Identificación de entidades. Relaciones
RDA. Autoridades. Fundamentos. Identificación de entidades. Relaciones
 
RDA: el nuevo texto
RDA: el nuevo textoRDA: el nuevo texto
RDA: el nuevo texto
 
Pleno del Real Patronato. Biblioteca Nacional de España
Pleno del Real Patronato. Biblioteca Nacional de EspañaPleno del Real Patronato. Biblioteca Nacional de España
Pleno del Real Patronato. Biblioteca Nacional de España
 
Objetivos 2019. Pleno del Real Patronato. Biblioteca Nacional de España
Objetivos 2019. Pleno del Real Patronato. Biblioteca Nacional de EspañaObjetivos 2019. Pleno del Real Patronato. Biblioteca Nacional de España
Objetivos 2019. Pleno del Real Patronato. Biblioteca Nacional de España
 
Pleno del Real Patronato. Biblioteca Nacional de España. Evaluación actuacion...
Pleno del Real Patronato. Biblioteca Nacional de España. Evaluación actuacion...Pleno del Real Patronato. Biblioteca Nacional de España. Evaluación actuacion...
Pleno del Real Patronato. Biblioteca Nacional de España. Evaluación actuacion...
 
Evaluación actuaciones 2018. Planificación actuaciones 2019
Evaluación actuaciones 2018. Planificación actuaciones 2019Evaluación actuaciones 2018. Planificación actuaciones 2019
Evaluación actuaciones 2018. Planificación actuaciones 2019
 
Dirección Técnica. Objetivos 2019
Dirección Técnica. Objetivos 2019Dirección Técnica. Objetivos 2019
Dirección Técnica. Objetivos 2019
 
Evaluación 2018. Objetivos 2019
Evaluación 2018. Objetivos 2019Evaluación 2018. Objetivos 2019
Evaluación 2018. Objetivos 2019
 
Evaluación actuaciones 2018. Dirección Cultural
Evaluación actuaciones 2018. Dirección CulturalEvaluación actuaciones 2018. Dirección Cultural
Evaluación actuaciones 2018. Dirección Cultural
 
Pleno CCB. Consejo de Cooperación Bibliotecaria. Ana Santos Aramburo
Pleno CCB. Consejo de Cooperación Bibliotecaria. Ana Santos AramburoPleno CCB. Consejo de Cooperación Bibliotecaria. Ana Santos Aramburo
Pleno CCB. Consejo de Cooperación Bibliotecaria. Ana Santos Aramburo
 
Descubrir, aprender, disfrutar en la Biblioteca Nacional de España. Ana Santo...
Descubrir, aprender, disfrutar en la Biblioteca Nacional de España. Ana Santo...Descubrir, aprender, disfrutar en la Biblioteca Nacional de España. Ana Santo...
Descubrir, aprender, disfrutar en la Biblioteca Nacional de España. Ana Santo...
 
Renacer prensa historica
Renacer prensa historicaRenacer prensa historica
Renacer prensa historica
 
RDA y Linked data (Ricardo Santos Muñoz)
RDA y Linked data (Ricardo Santos Muñoz)RDA y Linked data (Ricardo Santos Muñoz)
RDA y Linked data (Ricardo Santos Muñoz)
 
Desarrollo actual de RDA (Pilar Tejero López)
Desarrollo actual de RDA (Pilar Tejero López)Desarrollo actual de RDA (Pilar Tejero López)
Desarrollo actual de RDA (Pilar Tejero López)
 
LRM: Library Reference Model (Ricardo Santos Muñoz)
LRM: Library Reference Model (Ricardo Santos Muñoz)LRM: Library Reference Model (Ricardo Santos Muñoz)
LRM: Library Reference Model (Ricardo Santos Muñoz)
 

Recently uploaded

原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
rtgdfgss
 

Recently uploaded (12)

UX in an Agile World - Scrum Gathering
UX in an Agile World -   Scrum GatheringUX in an Agile World -   Scrum Gathering
UX in an Agile World - Scrum Gathering
 
Uniting Efficiency and Quality_ The Synergy of Lean Management and Six Sigma.pdf
Uniting Efficiency and Quality_ The Synergy of Lean Management and Six Sigma.pdfUniting Efficiency and Quality_ The Synergy of Lean Management and Six Sigma.pdf
Uniting Efficiency and Quality_ The Synergy of Lean Management and Six Sigma.pdf
 
Dehradun🌹Vip ℂall Girls ❤Heer 931579xxxx💟 Full Trusted ℂALL GIRLS IN Dehradu...
Dehradun🌹Vip ℂall Girls  ❤Heer 931579xxxx💟 Full Trusted ℂALL GIRLS IN Dehradu...Dehradun🌹Vip ℂall Girls  ❤Heer 931579xxxx💟 Full Trusted ℂALL GIRLS IN Dehradu...
Dehradun🌹Vip ℂall Girls ❤Heer 931579xxxx💟 Full Trusted ℂALL GIRLS IN Dehradu...
 
TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdfTEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
 
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
 
Leading People - Harvard Manage Mentor Certificate
Leading People - Harvard Manage Mentor CertificateLeading People - Harvard Manage Mentor Certificate
Leading People - Harvard Manage Mentor Certificate
 
Team Dynamics: A Journey to Excellence
Team Dynamics: A Journey to ExcellenceTeam Dynamics: A Journey to Excellence
Team Dynamics: A Journey to Excellence
 
Mastering Compassion: A Heavenly Perspective on Leadership
Mastering Compassion: A Heavenly Perspective on LeadershipMastering Compassion: A Heavenly Perspective on Leadership
Mastering Compassion: A Heavenly Perspective on Leadership
 
DrupalCamp Atlanta 2022 - Effective Project Management
DrupalCamp Atlanta 2022 - Effective Project ManagementDrupalCamp Atlanta 2022 - Effective Project Management
DrupalCamp Atlanta 2022 - Effective Project Management
 
Management 13th Edition by Richard L. Daft test bank.docx
Management 13th Edition by Richard L. Daft test bank.docxManagement 13th Edition by Richard L. Daft test bank.docx
Management 13th Edition by Richard L. Daft test bank.docx
 
Mastering Agility_ Unveiling the Power of Agile Project Management.pdf
Mastering Agility_ Unveiling the Power of Agile Project Management.pdfMastering Agility_ Unveiling the Power of Agile Project Management.pdf
Mastering Agility_ Unveiling the Power of Agile Project Management.pdf
 
原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
原版定制(UBC毕业证书)加拿大英属哥伦比亚大学毕业证原件一模一样
 

VIAF GDPR

  • 1. General Data Protection Regulation (GDPR) and library authority data Ricardo Santos National Library of Spain Prepared for: VIAF Council meeting 24th August 2018, Kuala Lumpur
  • 2. GDPR Facts Supersedes the Data Protection Directive 95/46/EC Adopted in April 2016, enforced in 25 May 2018. It has 98 articles and 173 whereas clauses. It’s a regulation, so it’s directly binding and applicable in Member States. Extra-territorial applicability: it applies to all companies processing the personal data of individual residing in the Union, regardless of the company’s location or where the data is processed . United Kingdom passed the Data Protection Act 2018, with equivalent regulations and protections 2
  • 3. Goals Strengthen citizens' fundamental rights in the digital age. Give control to citizens over their personal data Harmonize and simplify the rules throughout the European states 3
  • 4. “ Personal data is any information that relates to an identified or identifiable individual. (art. 4) This Regulation does not apply to the personal data of deceased persons. (whereas clause 27) 4
  • 5. “ Processing means any operation on personal data, such as collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available… (art. 4) 5
  • 6. GDPR for organizations - Legal basis for processing (art. 6) (Can we process data?): - Consent (explicit, clear and unambiguous) - Legal obligation (legal deposit?) - Public interest - Organisation’s legitimate interest 6 - Processing of data must be (art. 5): - According to, and only the data necessary, the stated specific purposes. - Stored no longer than necessary. - Accurate and up-to-date.
  • 7. GDPR for public administration - Personal data usually processed on the basis of a legal obligation or public interest. - A Data Protection Officer is mandatory. - Individuals may contact a public administration to exercise their rights under the GDPR. - Individuals have a right to object to the processing of personal data by the public administration on grounds of public interest. 7
  • 8. GDPR for citizens (Chapter III) Citizens have the right to: - demand information about the processing - access the data - asking for corrections of inaccurate data - data erasure (formerly known as right to be forgotten) - object to the processing of data - receive personal data in a machine-readable format and send it to another controller. - request that decisions based on automated processing are made by natural persons. 8
  • 9. Exceptions & Limits Consent can be skipped if there is legal obligation or public interest for collecting data Data erasure or others are limited by: Freedom of expression safeguards. Archival exemptions (provided the institution has the legal obligation to preserve). Scientific or historical research. Those limits are not automatic. Member states should introduce them or not. 9
  • 10. BIG QUESTIONS REMAINS Considerations of authority data: • Is it “personal data”? Could there be other “sensitive data”? • What’s the legal framework for an authority file? • Can the “public interest” or “legal obligation” be invoked to skip consent? • Can we deny “right to be forgotten” on those grounds? • Can we freely distribute authority data (to VIAF, for instance)? 10
  • 11. Claimings accepted  Data correction. Hide pseudonymous relationships Hide dates BNE experiences Claimings rejected  Deletion of resources Deletion of authority record 11
  • 12. VIAF is an aggregator of sources. - Who has the responsability for data? VIAF is a “third party”: - Should reflect data policy of member institutions? Case 1: an institution acknowledge an individual data rights. Should this extend to VIAF or other libraries? - Should VIAF policy influence data policy of member institutions? Case 2: VIAF grants an individual data rights. Should this extend to libraries? Some issues with VIAF 12
  • 13. GDPR: legal text European Union official webpage IFLA leaflet on GDRP More info 13
  • 14. 14 Thanks! Ricardo Santos National Library of Spain ricardo.santos@bne.es Images : Biblioteca Digital Hispánica Template and fonds: SlidesCarnival

Editor's Notes

  1. 28 different regulations merged into one
  2. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  3. DPO. Among other duties: act as a contact point for requests from individuals regarding the processing of their personal data and the exercise of their rights
  4. It isn’t clear if “scientific or historical research” applies to authority data, or if this data is stored for the “legal obligation”
  5. 1 – According to the law definition for “personal data”, it is, because it allows to identify a living person (a name string; a date of birth, an URI). “sensitive data” is less probably to be included. 2- Should the same rules apply to an authority file than a customer database, or even a library users’ file?