Identify what personal data is being processed at the library by using a data flow/chart

Introduction: :

 

  • What is personal data?
  • What exactly is the gdpr?
  • Why/how are the libraries affected by the GDPR?

Body:

 

Explaining the data handling process

  • Identifying what personal data is being processed at the library by using a data flow/chart
  • Defining how to handle personal data at the library (After being aware of the data being collected and from where its coming from, the next step is deciding on what is actually needed and for how long. + talking about the data subject right-GDPR articles 15 to 21)
  • Implementing appropriate measures (GDPR states: “the controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed”)

 

Challenges:

 

Volunteers:

  • Difference between data protection and confidentiality(Data Protection has a very close relationship with Confidentiality, but they are not the same thing. + A sound Confidentiality policy is therefore essential in most voluntary organisations, to protect clients and service users in particular, but also to respect the privacy of donors, supporters, employees and volunteers. In order to avoid confusion it is often best to separate this from the organisation’s Data Protection policy, while ensuring that the two policies are consistent with each other and mutually supportive.)
  • Security(Volunteers should therefore receive specific training, not just to point out the existence of policies, procedures and guidance that they are expected to follow, but also to remind them of the many ways in which confidentiality can inadvertently be compromised.)
  • Data retention(Volunteers should be reminded that when they are acting on behalf of an organisation, the data they collect or hold belongs to the organisation, not to them personally. It should therefore be retained in accordance with the organisation’s retention schedule. )

 

Protecting patron privacy

 

The public may not be literate enough in being “private” so protecting patron privacy includes securing the technological infrastructure of the library through information security standards and best practices.

 

Conclusion: summary