LIBRARY MANAGEMENT IN THE CONTEXT OF THE GDPR

In April 2016, the European Parliament, the Council of the European Union and the European Commission adopted a major new regulation, entitled the General Data Protection Regulation (GDPR) 696/2016, requiring that institutions that process personal data take appropriate measures to safeguard that data. It is generally acknowledged that all European countries must adopt the rules set forth in this regulation. The main objective of the GDPR is to protect personal data privacy and obligate the holders of personal data to use it for their declared purposes only. The GDPR will come into force on 25 May 2018. It is proposed that the role of Data Protection Officer (DPO) be employed as a strategy for implementing the GDPR from the perspective of library managers. There are so far no concrete measures in place that would facilitate the application of the GDPR. The most appropriate measures would seem to be to appoint a DPO and to define adequate strategies that could be implemented at the library level. These two measures are the manager’s responsibilities. The arguments for a library-level DPO arise from GDPR Article 39 regarding the responsibilities of a DPO. The conclusions are related to findings regarding the roles of library managers in Romania and Sweden and to existing library legislation in these two European countries.