 |
 |
Hi, I'm no legal expert, but (from experience through a variety of organisations) as I understand it the main thing you need to do is update your privacy policy to reflect tell people what data you're collecting and under what legal basis - depending on how the user signed up this will probably either be the "contract" or the "legitimate interests" bases. Just so long as users are aware that their data will be used for Library management purposes when they join the institution. You should already be deleting obsolete user data under the data protection act. As a small FE library with no external users, we're thankfully not going to need a separate privacy policy from the rest of the college. I'd guess big HE libraries who allow external borrowers will probably need one though (it'd certainly be good practice); particularly if you do a lot of archiving and\or scientific research so process personal data related to that under the "public task" justification. The ICO page breaks this all down really well: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ And their blog is great to dispel some GDPR panic\myths: https://iconewsblog.org.uk/tag/gdprmyths/ Kind regards, Vijay Vijay Chopra Learning Centre Advisor Tel: 023 8057 7307\7409 [cid:image002.png@01D138DE.08E9F2E0]<http://www.southampton-city.ac.uk/> [cid:image008.jpg@01D3EE91.1D484320]<https://www.linkedin.com/company/284058?trk=vsrp_companies_res_name&trkInfo=VSRPsearchId%3A1738964841415956930908%2CVSRPtargetId%3A284058%2CVSRPcmpt%3Aprimary>[cid:image009.jpg@01D3EE91.1D484320]<https://twitter.com/city_college>[cid:image010.jpg@01D3EE91.1D484320]<https://www.facebook.com/sotoncitycollege> southampton-city.ac.uk From: A general library and information science list for news and discussion. [mailto:[log in to unmask]] On Behalf Of Tracey Stanley Sent: 18 May 2018 08:48 To: [log in to unmask] Subject: Re: GDPR sign-up from existing members Hi, We are just handling this through renewal when memberships expire. I assume we are just talking about external memberships here rather than our staff and student body who will be covered under broader University arrangements. We do have automated renewals but I'm not aware that we've had an external members decline to provide an email address. Would be interested to see if there is a different consensus on what we should be doing, as maybe I should be raising it with our Data Protection Officer! Tracey From: A general library and information science list for news and discussion. [mailto:[log in to unmask]] On Behalf Of Jane Mansfield Sent: 17 May 2018 16:42 To: [log in to unmask] Subject: GDPR sign-up from existing members Can I please ask what other libraries are doing in terms of GDPR opt-in from existing users? We have a process for new members, who join our library as of now, but have existing members for whom this process wasn't in place when they joined. I'd be interested to know how your library is handling the GDPR opt-in: * If you have reference users, are you expecting them to opt in now, or just to opt in, or choose not to extend their membership, when their current period of membership expires and they come in to renew? * How long have you given users to get back to you to confirm their expression of interest? To add to the fun we're moving to auto-renewals this summer so will need borrowers to agree to receive emails going forward or they will no longer be able to borrow as we won't otherwise be able to quickly notify them that an item can't be renewed. If you have auto-renewals, do you have any users who declined to provide you with an email address (we currently have a handful who haven't provided us with one) and how did you handle that? Thanks, Jane Jane Mansfield Senior Assistant Librarian (Service Development and Delivery), Library and Learning Services DE MONTFORT UNIVERSITY Leicester LE1 9BH T: +44 (0) 116 207 8376 E: [log in to unmask]<mailto:[log in to unmask]> W: dmu.ac.uk Click here<https://www.mailcontrol.com/sr/XKMQMqO3+xfGX2PQPOmvUmQbZlJUA6MYd4T0JGZ08POvidl!07M0rChM4TzepYYoKd5IQyUuuM+g1M3YVHc55g==> to report this email as spam.