Anthology Position on GDPR
Anthology Position on GDPR (as of post on July 10, 2018)
Privacy Shield. Currently, Anthology is in the process of obtaining a Privacy Shield compliance certification. Privacy Shield is required for compliance with the General Data Protection Regulation (“GDPR”) when personal data (as defined in the GDPR) is transmitted and/or stored outside of the EU.
GDPR Compliance. The GDPR applies to all-natural persons when they are present in the EU. Identification of data subjects (as defined in the GDPR) is the responsibility of the institution. Furthermore, with regards to GDPR compliance, Anthology is the data processor and the institution is the data controller. The legal basis for the collection and processing of personal data is the responsibility of the institution.
Response to GDRP Requests:
Anthology shall provide reasonable and timely assistance to institution to enable institution to respond to:
any request from a data subject to exercise any of its rights under the GDPR (including its rights of access, correction, objection, erasure and data portability, as applicable); and
any other correspondence, inquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the personal data.
In the event that any such request, correspondence, inquiry or complaint is made directly to Anthology, Anthology shall promptly inform institution providing full details of the same.
Covenant to Pursue Additional GDPR Compliance Efforts. Anthology is currently reviewing product enhancements and features to help ensure our ability to support institution’s needs as well as the compliance requirements applicable to Anthology and institution as processor and controller, respectively, under the GDPR.
In the case of an on-prem Course Evaluations solution, the institution assumes the role of Data Controller and Data Processor. When requested, Anthology will provide support to the institution in complying with any GDPR request.