As the date for the introduction of the European Union’s General Data Protection Regulation (GDPR) draws ever closer, we are on the cusp of sweeping changes to data protection and privacy that will force organisations to seriously scrutinise their processes for collecting and managing personal data.
In preparation for these changes we have implemented new processes, and new functionality into our products so that we, as Data Processors, meet our obligations under the new rules. As the Data Controllers however, libraries are ultimately responsible for their users’ data and the way it is handled, and there are still more steps that can be taken to ensure the data you hold in the systems adheres to your responsibilities under GDPR.
To help you meet these obligations we have developed a package of changes to your Axiell software that includes the following:
LMS reconfiguration
- A report to extract machine readable data
Through the GDPR changes individuals have enhanced rights to access and amend their personal data. With this change, library borrowers will be able to request a list of every piece of data stored about them in your LMS.
To help you quickly and easily supply personal data lists, we will produce a report that can extract all borrower data into a machine-readable format, such as XML or CSV. This report will help to save you time searching through all possible stored data locations, and it neatly compiles a report that is ready and readable for the individual.
- Tidy up script for all stored borrower messages
If you use Borrower Messages, we also include:
The GDPR changes permit individuals access to all data stored about them, including borrower messages. While borrower messages can display useful messages to staff, libraries may not want those shared with the borrower themselves.
A script can be created that will remove all stored borrower messages in your LMS, which will save time manually removing or editing the existing messages.
Arena reconfiguration
- Portlet configuration to show all borrower information from the LMS
New functionality has been implemented into Arena version 3.3, whereby users can view all the stored information about them in the My Profile page. This feature helps the user access all their data easily, and brings your Arena site in line with the GDPR requirements.
- Portlet configuration to display reminders to borrowers to update their stored information
The GDPR changes means that all stored personal data must be accessible by the individual and it must be correct. To ensure all data is correct, we will configure the login portlet to display an update reminder message that must be actioned.
- Portlet configuration to display a GDPR general agreement terms and condition document
A general agreement document will be enabled on your Arena site, which directs users to a terms and conditions document detailing data protection rules within libraries. The document provides useful information to users about how their data is being used and what they are agreeing to by being a library member.
Training database reconfiguration
- An anonymisation script of your training database
Training databases contain vast amounts of sensitive personal data that is not regularly updated due to the use of live systems. Holding inaccurate personal data is a breach of GDPR regulations. A script will be applied to your training database that anonymises all personal borrower data.