GDPR and Librarians – What do we need to know? According to Wikipedia: The General Data Protection Regulation (GDPR) is a regulation in the European Union, a law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
This law has created awareness and questioned the importance of protecting personal data. In India, many political parties create information/stories/ propaganda based on the personal information that we share on social media. We have seen the like of this with Cambridge Analytics controversy and questions about the Aadhar card. Political parties, advertisers, and organizations often use personal data, manipulate information to convey their message to the citizens.
Therefore, as librarians, we need to be aware and check the privacy policy of the online databases we use in our schools, colleges, and any institution. Recently our Technology Department recommended we check with our vendors to ensure that the personal data of the teachers, parents, and students are not being misused and shared with the third party for advertisements or for anything else.
In this article, the Indian government has recognized the importance of data protection and privacy and is working towards creating a stringent law to protect their citizens. As for the present laws they are not strict enough to ensure complete protection of personal digital information except for the ones controlled by the government.
So, when it comes down to us librarians – What do we need to do? We need to visit the online databases that the educational institute subscribes to, scroll to the bottom of the website and read the privacy policy. If it does not make sense, please write to them and ask if they have a privacy policy in place (in writing) and if they can assure you that the school data (information) is not being shared with any third party. If they cannot assure you that, you need to know that and disclose that information to your users. Otherwise, your Technology Department can help you work around the privacy policy for your institution.