Page tree
Skip to end of metadata
Go to start of metadata


This page provides guidance and information how your DSpace based repository service can comply to GDPR regulation.

Appropriate lawful basis for processing personal data

Legitimate interest

In order to use legitimate interest as the lawful basis of processing personal data, your repository service must be clear about what the legitimate interests are.

TEMPLATE: Informing registered DSpace users (Legitimate basis - NOT asking consent)

Detecting and reporting breaches

GDPR requires detection and reporting of breaches.

DSpace breach: definition


DSpace breach: affected parties - who to contact


DSpace breach: what to communicate - how to address breach


Addressing consumer requests enforcing GDPR rights

You might be getting these type of requests/emails to enforce GDPR rights of consumers: 

Right of access and data portability


Right of rectification


Right to be forgotten


Right to be informed


Right to restrict processing


  • No labels

1 Comment

  1. Would be great if similar to creative commons, we can use a lingua franca in the form of official icons, to communicate what's being done with data: