Dimensions and the GDPR

We've been increasingly asked about the GDPR (General Data Protection Regulation), coming into force in May, and how we are preparing for this. For those unaware, the GDPR is the new European law that will regulate the use and protection of data relating to an identified or identifiable individual (i.e. personal data). Many of the GDPR’s main concepts and principles are similar to those under existing European law, although there are new elements and significant enhancements.

What are we doing to prepare for GDPR?

At Dimensions, we’ve been working hard to ensure that we’ll be fully compliant with the GDPR when it comes into effect, having carried out a detailed data mapping exercise across our business, ensuring data protection by design and updating our policies and procedures. We’re also reviewing all our vendors (like AWS), finding out about their GDPR plans and making sure they have all their ducks in a row.

Dimensions data and the GDPR

Much of the data we use and display within Dimensions (see app.dimensions.ai) contains personal data, such as names of journal article authors and details of their research history, which is already publicly available and forms part of the scientific record. By increasing its discoverability and helping identify linkages, amongst other things, we believe this adds value to the scientific community and rely on our “legitimate business interests” to process this information, further details of which will be set out in our privacy policy that will be updated in the next few weeks (see below).

User accounts and the GDPR

If you register to use Dimensions, we require certain limited information about you to set-up an account. The Dimensions product team is currently developing functionality to ensure users can delete this information by a simple button within the account settings area - this will result in the deletion of your registration details and other information that may be linked to your account. 

You may also be interested to know that our privacy policy will be updated in the next few weeks to ensure it meets the (extensive) new information requirements of the GDPR. However, we don’t plan to use the personal data we process for anything new.

Our contracts with institutional customers

Where we process personal data on an institution’s behalf, our contract will likely need to be updated to meet the new requirements of the GDPR. We have developed a GDPR contract addendum for this purpose, which is intended to replace the existing data protection provisions in our customer contracts when the GDPR comes into effect. Please contact support@dimensions.ai and we will provide a copy, which will need to be signed and returned.

Any questions?

If you need any more information, please feel free to contact us at support@dimensions.ai.