General Data Protection Regulation and the GSFL

General Overview

As of the 25^th of May 2018, the General Data Protection Regulation (GDPR) as stipulated by the European Parliament and Council came into effect.  This regulation is designed to protect natural persons with regard to the use, processing, and storage of their personal data.  In line with the data privacy mandates established by the GDPR, the Germanic Society for Forensic Linguistic Linguistics (GSFL) adheres to the following 3  key Guiding principles: f1.) fair, transparent, and lawful processing; 2.) purpose limitation; and 3.) data minimization and retention.  We have summarized the most important points of the GSFL Policy Guidelines with respect to the GDPR below.  For your convenience, we have also included the relevant GDPR  Chapters and Articles.

For more on the overall scope of the GDPR, see: GDPR Chapter 1 (Article 2)

What exactly is “personal data”?

In accordance with the GDPR, the term personal data refers to pieces of information that can be used to identify an individual person.  Examples of include personal names, postal addresses, and email addresses.

For more terminological definitions, see: GDPR Chapter 1 (Article 4)

What personal data does the GSFL maintain and for how long?

When an individual formally applies for membership within the Germanic Society for Forensic Linguistics (GSFL), the following personal data is requested: first name; last name; academic title; email address; full postal address; telephone number; professional affiliation; place of employment; area(s) of research interest and/or specialization; and a short biographical professional statement.  This information is maintained for the period of time that said individual maintains his/her GSFL Membership .

Once an individual’s membership with the GSFL has been terminated, his/her personal data is expunged from the active GSFL membership lists.  However, for the purposes of Society’s record-keeping and filing system and in compliance with the regulations governing the operation, regulation, and taxation of the GSFL as an official registered association within Germany and the EU at large, the above-mentioned pseudonymized personal data is archived by the Society.

For more on data processing for scholarly and academic purposes, see: GDPR Chapter 9 (Article 85: Recital 153)

How will my personal data be protected?

Protecting and respecting our members’ privacy is of the utmost importance to the GSFL. For that reason, in accordance with the GDPR, all individual personal data that is collected by the Society will be subjected to a pseudonymization process which assigns each member an alphanumeric code.   This code is designed to prevent the unauthorized identification of any Society member.  In addition, none of the personal data collected by the GSFL will be disclosed with any third party without the individual members’ written permission.  The personal data collected by the GSFL is maintained both electronically in password protected computer system of the GSFL headquarters as well as in an offline datastore (paper) also maintained at the GSFL headquarters.

How will my personal data be used?

The personal data collected by the GSFL is used exclusively to conduct the business of the Society and provide membership services including the distribution of the quarterly, monthly, quarterly, and yearly newsletters; the issuance of billings for goods and services provided to members; the organization of information materials for the GSFL scholarly events such as the Emerging Scholars’ Day and the GSFL Roundtable; and the continuing compliance with local, regional, national, and international laws governing the operation, taxation, and regulation of the GSFL as an officially registered association within Germany and the EU at large. Should a personal data security breach occur, both supervisory governmental authorities as well as any affected data subject will be notified within 72 hours of discovery.  This notification will include a description of the nature of the breach, the personal data units affected, and the corrective technical and organizational measures taken to rectify the problem.

For more on personal data processing security, see GDPR Chapter 4 (Articles 32-36)

Who has access to the personal data collected by the GSFL?

The members of the GSFL Executive Council, where necessary and applicable, may access the GSFL store of personal data for internal Society processing purposes with regard to conducting the daily business transactions of the Society, providing the above-mentioned member services, and complying with aforementioned local, national, and EU GDPR regulations.

For more on data processing obligations, see: GDPR Chapter 4 (Articles 24, 25, and 30)

What if I have questions about the GSFL and my personal data?

The data protection officer for the Society is the GSFL President, Dr. I. M. Nick.  One of the primary responsibilities of this position is to ensure that the appropriate organizational and technical measures are put into place and followed to maintain the integrity, privacy, confidentiality, and accuracy of the personal data collected and maintained by the GSFL.  All members of the GSFL have the right to view their own personal data and request that inaccuracy be rectified.  In addition, GSFL members have the right to request the erasure of their personal data when one of more the following pre-conditions apply: 1.) the personal data are no longer necessary for the execution of the original processing purposes for which they were collected; and /or 2.) the member withdraws his/her consent to have his/her personal data maintained by the GSFL, provided that there is no contravening superseding legal statute or regulation requiring.  Once the data protection officer has received an official request regarding the update, deletion, or review of a member’s own personal data, said officer shall endeavour to reply within a period of 72 hours.  Should you have any questions or concerns regarding your personal data or the GSFL’s data management policies, Dr. I. M. Nick may be contacted by sending a message to the following email address: [email protected] 

For more on personal data processing security, see: GDPR Chapter 4 (Articles 32-36)

For more on the data protection officer, see:  GDPR Chapter 4 (Articles 37-39)

For more on the rights of data subjects, see: GDPR Chapter 3 (Articles 12-23)

Where can I learn more about the GDPR?

The EU Regulation of the European Parliament and of the Council from the 27^th of April 2016 regarding the protection of natural persons and the processing of their personal data (Directive 95/46/EC), also known as the General Data Protection Regulation, can be found in various Germanic languages: English, German, Danish, and Dutch.  Information on data protection and privacy rights in the UK can be found here.  A detailed legal discussion of this subject within the United States can be found here.