Introduction

This page provides guidance and information how your DSpace based repository service can comply to GDPR regulation.

Appropriate lawful basis for processing personal data

Legitimate interest

In order to use legitimate interest as the lawful basis of processing personal data, your repository service must be clear about what the legitimate interests are.

TEMPLATE: Informing registered DSpace users (Legitimate basis - NOT asking consent)

Detecting and reporting breaches

GDPR requires detection and reporting of breaches.

DSpace breach: definition

...

DSpace breach: affected parties - who to contact

...

DSpace breach: what to communicate - how to address breach

...

Addressing consumer requests enforcing GDPR rights

You might be getting these type of requests/emails to enforce GDPR rights of consumers: https://github.com/bram-atmire/GDPR-Claim-Templates 

Right of access and data portability

...

Right of rectification

...

Right to be forgotten

...

Right to be informed

...

Right to restrict processing

...