This guide provides advice for users of PKP applications on how to approach the EU General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. It provides guidance on how to best configure OJS to be GDPR-compliant, and includes information on some of the policies that those using OJS with EU clients will want to consider.
PKP’s approach to the GDPR is an ongoing engagement, and will include code changes within PKP applications, and revisions to this guide, over time. Some information on near-term application changes are included at the end of this document but should not be considered exhaustive.
PKP, as a software provider, has a responsibility to provide secure software and timely bug fixes, and we welcome this opportunity to strengthen privacy rights. Those that host the software, as well as those who utilize it to publish journals, books and other artifacts, should consider ways of addressing the rights and responsibilities involved in scholarly publishing.
This guide should not be considered a source of legal advice. It is not a substitute for consulting appropriate legal authorities in your jurisdiction. It is up to publishers to determine whether and in what ways the GDPR applies to their publications. For further information on PKP’s approach and to discuss aspects of this guide, please contact firstname.lastname@example.org.
PKP would like to thank our development partners for their many significant contributions to this document, in particular: