What about data collected prior to May 25 2018?
- Policies and mechanisms should still be enforced.
Can editorial history be removed at the request of a user?
What about server log tracking (IP addresses, etc.)?
- This would be the responsibility of the service provider (who would be the data controller) in cooperation with the publisher (who would be the data processor). The service provider should also be GDPR compliant.
Are there any planned updates to OJS and OMP to further protect data privacy and support the GDPR?
- Yes. More information can be found in our GitHub Project page. Some items will be added to OJS/OMP 3.1.1-1, to be released before the May 25 GDPR deadline, and other, less critical items will be added over time.
- … and, no. At least, not for OJS 2.x or OMP 1.x. All updates will be made to the stable OJS and OMP 3 lines only.
You are releasing code for OJS/OMP 3.1.1-1. What if I can’t upgrade between the release date and May 25?
- Follow the general directions above to the best of your abilities, and plan on upgrading as soon as you can. Our understanding is that there will be some leeway given to organizations who can demonstrate that they are proactive in implementing GDPR solutions but who may not be 100% ready by the May 25 deadline.