Q: Does Aries offer additional GDPR resources?

A: Yes. This presentation from the 2018 European Editorial Manager User Group Meeting is particularly helpful. Keep an eye on our web site for updates and resources.

Q: What is the General Data Protection Regulation (GDPR)?

A: The GDPR is a European Union regulation.  Its main objective is to give citizens and residents control over their personal data. The regulation stipulates the responsibilities of organizations with respects to storage, processing and transfer of personal data.

Q: Who is covered by the GDPR?

A: Any entity, regardless of its location, that stores the personal data of European Union citizens and residents. This means that GDPR is applicable to virtually every scholarly publisher.

Q: What is the penalty for failure to comply with GDPR?

A: 20 million Euros or 4% of global annual revenue, whichever is the greater.

Q: When does the GDPR take effect?

A: GDPR goes into effect beginning May 25, 2018.

Q: What happens when publishers outsource data services?

A: GDPR identifies a “Data Controller” and a “Data Processor”. The Data Controller is the entity that determines the purposes, conditions, and means of processing personal data. The Data Processor processes personal data on behalf of the Data Controller.

Q: What is a Publisher’s role in connection to GDPR?

A: Typically the publisher/journal/society is the Data Controller.

Q: What is Aries’ role in connection to GDPR?

A: Aries is a Data Processor.

Q: GDPR requires that citizens explicitly give clear consent to storage of their data. Is this possible within Editorial Manager?

A: Yes. Publishers can and should configure a registration question that requires users to affirmatively consent to processing of their personal data. From Version 15.0 forward, this will be mandatory regardless of publisher configuration.

Q: GDPR requires that citizens have a “right to access” and receive their personal data. Is that possible within Editorial Manager?

A: Yes, Editorial Manager includes a range of functions that allow users to access their data and receive their data in a machine portable format.

Q: What is “privacy by design”?

A: GDPR requires that the system is designed to support privacy, and that access to personal data is minimized and limited to those needing to perform the processing. Editorial Manager has been carefully designed to limit and control access to data. Publishers should review their data access policies and their configuration settings in Editorial ManagerRead More

Q: What is the “Right to be Forgotten”?

A: Under GDPR, EM users will be able to request that journals remove/anonymize their personal information from the system at any time. To help with this requirement, Editorial Manager (Version 15.0) includes a mandatory footer in every outbound email that notifies users of this right. In addition, Editorial Manager (Version 15.1) includes an administrator optionRead More