• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Connecting Researchers and Research

Sign in/Register
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Privacy Policy
  • About
        • Our Mission
          • 2025 Vision
          • ORCID Trust
          • Annual Reports
        • Team
          • ORCID Board
          • ORCID Team
          • Work with Us!
        • Services
          • Member Portal
          • Annual data files
          • Member API
          • Public API
          • ORCID Registry
        • Governance
          • Bylaws
          • Board Elections
        • Policies
          • Privacy Policy
          • Dispute Procedures
          • Public Client Terms of Service
          • Open Source Project License
          • Public Data File Use Policy
          • Terms of Use
          • Brand Guidelines
  • For Researchers
        • Benefits for Researchers
        • Researcher FAQ
        • Video Tutorials
        • Your ORCID Record
        • Get Help
  • Membership
        • Membership Benefits
          • Benefits for Funders
          • Benefits for Publishers
          • Benefits for Research Organizations
          • Benefits for Research Resources
        • Get Membership
        • Member List
        • ORCID Map
        • Membership Comparison
          • Basic Membership
          • Premium Membership
          • ORCID Consortia
        • ORCID Consortia
          • Consortia Agreement
          • Consortia Onboarding Checklist
          • Roles and Responsibilities of ORCID Consortia
  • Documentation
        • Features
          • Member Portal
          • Member API
          • Public API
          • ORCID Registry
          • Annual Data Files
        • Workflows
          • Journal Articles
          • Employment
          • Peer Review
          • Funder and Grants
          • View More
        • Integration Guide
          • Getting Started with Your Integration
          • Sandbox Testing Server
          • Registering a Member API Client
          • Integration and API FAQ
          • View More
        • API Tutorials
          • Get an Authenticated ORCID iD
          • Read Data on a Record
          • Add and Update Data on an ORCID record
          • Hands On with the ORCID API
          • View More
        • Member Portal
          • Member Portal Organization Admin Guide
          • Member Portal Email Guide
          • Member Portal Beta Program Guide
  • Resources
        • ORCID Community
        • Community Programs
          • Certified Service Providers
          • ORCID API Users Group
          • Historical Task Forces, Working Groups, and Steering Groups
        • Get Involved
          • Community Groups
          • Developers
          • Give Feedback
          • ORCID API Users Group
        • Member Resources
          • ORCID Enabled Systems
          • Publishers Open Letter
          • Funders Open Letter
          • Standard Member Agreement
          • Outreach Resources
          • Register a Sandbox API Client
          • Register a Production API Client
  • News & Events
        • News
          • ORCID News
          • Member News
          • Consortia News
          • Integration News
          • Blog
          • Product Updates
        • Events
          • Events Calendar
          • Webinars

Getting Ready for GDPR

February 22, 2018 By Joe Schwarze

 

The EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, is the most important change in data privacy regulation in 20 years. GDPR will apply to all companies processing the personal data of all European Union residents, regardless of the company’s location.  Researcher control and privacy are core principles for ORCID, and we have been following the evolution and implementation plan of the regulation closely.

Key changes include:

  • strengthening the conditions for consent, such as requiring the use of clear and plain language and making it as easy for individuals to withdraw consent as to give it
  • increased penalties for non-compliance
  • expanded rights for individuals including access to data held about them and the right to be “forgotten”
  • including data protection in system design, rather than as an after-thought

ORCID’s current privacy policy, which is recertified annually with an external auditor, has already been reviewed by our consortia lead organizations in several European countries. The general consensus is that there shouldn’t be any major compliance issues for ORCID, because:

  • Individual users can provide institutions with authenticated permission to update their ORCID records
  • Individual users have full control of all permissions granted to institutions. The permission can be revoked at any stage.
  • Using the ORCID API, an institution can securely update metadata in existing ORCID records
  • Individuals can delete all items an institution has updated in their ORCID record and control the visibility of these items.
  • The institution does not add entire publications to an individual’s ORCID record, only metadata
  • Systems can only update ORCID records if they have been granted permission to do so by the individual record-holder; the Registry cannot import metadata from other system APIs without individual consent

We are working on an official English translation of the German legal review, which we will share once available.  Broadly speaking, it found no substantive data protection shortcomings. In fact, the summary notes that our privacy policy, which ensures researcher control, is a “model character” that allows users to “view and control at all times which data are processed how on the platform and who had access to the data when.”

Bolstering this positive feedback on our existing practices and policies, we have categorized the GDPR into five main areas that we will be working on:

  1. Data storage
  2. Consent
  3. Data subject rights processes
  4. Security documentation
  5. Legal and contractual review

We will report in more detail on our work in these areas in future blog posts. Please don’t hesitate to contact us if you have any questions in the meantime.

Blog

Filed Under: News

Primary Sidebar

Search

Blog Posts by Category

  • Consortia News (39)
  • Integration News (50)
  • Member News (30)
  • News (434)
  • ORCID News (196)
  • Product Updates (75)

Recent Posts

  • Restructuring Engagement to Optimize Member Support
  • OpenAIRE EXPLORE Makes it Simple to Add Works to Your ORCID Record
  • 2021 Product: Our Progress to Date and Future Plans
  • Use Your ORCID Record to Build Your Career: An Interview with Dr. Adriana Romero-Olivares
  • ORCID and Morressier

Sign up for blog updates

We will only use your email to notify you when we have new blog posts. You can unsubscribe at any time. See our Privacy Policy for more information.

Check your inbox or spam folder to confirm your subscription.

ORCID logo

CC0 The text of this website is published under a CC0 license Images and marks are subject to copyright and trademark protection.

  • About ORCID
  • Privacy Policy
  • Terms of Use
  • Accessibility Statement
  • Contact us
  • Dispute procedures
  • Brand Guidelines