Q: What is the General Data Protection Regulation (GDPR)?

A: The GDPR is a European Union regulation.  Its main objective is to give citizens and residents control over their personal data. The regulation stipulates the responsibilities of organizations with respects to storage, processing and transfer of personal data.

Q: Who is covered by the GDPR?

A: Any entity, regardless of its location, that stores the personal data of European Union citizens and residents. This means that GDPR is applicable to virtually every scholarly publisher.

Q: What happens when publishers outsource data services?

A: GDPR identifies a “Data Controller” and a “Data Processor”. The Data Controller is the entity that determines the purposes, conditions, and means of processing personal data. The Data Processor processes personal data on behalf of the Data Controller.

Q: What is “privacy by design”?

A: GDPR requires that the system is designed to support privacy, and that access to personal data is minimized and limited to those needing to perform the processing. Editorial Manager has been carefully designed to limit and control access to data. Publishers should review their data access policies and their configuration settings in Editorial ManagerRead More

Q: What is the “Right to be Forgotten”?

A: Under GDPR, EM users will be able to request that journals remove/anonymize their personal information from the system at any time. To help with this requirement, Editorial Manager (Version 15.0) includes a mandatory footer in every outbound email that notifies users of this right. In addition, Editorial Manager (Version 15.1) includes an administrator optionRead More