Introduction to GDPR
On May 25, 2018, a new privacy law called the General Data Protection Regulation (GDPR) took effect in the European Union (EU). It replaces the Data Protection Directive (“the Directive”), which has been in effect since 1995.
While the GDPR preserves the principles established in the Directive, it is a much more ambitious law. Among its most notable changes, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or analyze personal data.
As part of our commitment to assist our customers on their journey to GDPR compliance, Ex Libris has developed product-specific papers to help our customers prepare for GDPR. These papers describe tools and capabilities built into our products and other defined procedures that can assist your organization in addressing individual “data subject” rights under the GDPR.
Ex Libris is committed to General Data Protection Regulation (GDPR) compliance. Our engineering, product, security and legal teams have been working to align our procedures, documentation, contracts, and services to support compliance with the GDPR.
We also support our customers on their GDPR compliance journey through our strong foundation of implemented security and privacy frameworks and certified security and privacy controls.
Data Processing Agreement
Ex Libris has published a Data Processing Agreement (DPA) for each of our product groups to incorporate the appropriate terms required by the GDPR into the relevant customer agreements. These DPAs have been created under the supervision of EU privacy experts and are designed to comply with the GDPR and to reflect the specific details of the data processing activities within Ex Libris services.
All customers that are processing personal data that is subject to the GDPR through Ex Libris services must have a DPA with us to allow both the customer and Ex Libris to comply with the DPA requirements of the GDPR. Most of the agreements signed with our customers prior to May 2018 did not include a GDPR DPA. If your current Ex Libris service agreement does not include a GDPR DPA, you should download, sign, and return the DPA or DPAs appropriate to the Ex Libris service that you use.
Once you have downloaded, reviewed, and signed the Addendum, please scan and email it to:
Please ensure that you return an Addendum for each relevant group of Ex Libris services that you use.
As required by the GDPR and other privacy regimes, Ex Libris provides users with information regarding affiliates and trusted third-party vendors it engages as subprocessors to support Ex Libris in providing Ex Libris’ various solutions and services. We also include other useful information regarding data center providers and locations.
Privacy Impact Assessments (PIAs)
Privacy Impact Assessments, including a brief description of the data processed in each solution, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved, are available for select Ex Libris solutions. These PIAs were performed by a leading privacy consultation firm, KPMG.