OCLC is committed to comprehensive compliance with the General Data Protection Regulation (GDPR). We map how data is collected, stored, and retained; manage GDPR compliance across our vendors; and cooperate with our libraries in processing individual data subject access requests. Privacy principles are incorporated into all OCLC products and services by default. We also recognize our responsibility to help libraries in their efforts to document how their personal data interacts with OCLC and to comply with regulations.
GDPR: A global partnership with libraries
The 2018 GDPR affects all aspects of how companies process EU personal data, including OCLC and its customers. OCLC recognizes that compliance with the GDPR requires an ongoing effort between OCLC and our partners and customers in their use of applicable OCLC services. We are well-positioned in our GDPR efforts with a comprehensive privacy program that incorporates continual improvement to support libraries around the world in understanding how their data is collected, stored, used, and retained.
OCLC staff worldwide support libraries in their efforts to comply with the GDPR and other worldwide privacy regulations and to address their patrons’ requests about the use of their data. OCLC encourages our customers to independently familiarize themselves with GDPR for their compliance efforts.
Working together, we have been addressing and will continue to explore opportunities within our relevant service offerings to assist our customers in meeting their GDPR obligations as data controllers.