CINXE.COM

<!DOCTYPE html> <html lang="en-US"> <head> <script src="https://cmp.osano.com/AzyzptTmRlqVd2LRf/e5ab6f32-982b-482e-8b7e-a980a63212ba/osano.js"></script> <link rel="stylesheet" href="https://cookie-consent.ieee.org/ieee-cookie-banner.css" type="text/css"/> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <title>GDPR Frequently Asked Questions | IEEE GDPR Volunteer Dashboard</title> <link rel="pingback" href="https://site.ieee.org/gdpr/xmlrpc.php"> <meta name='robots' content='max-image-preview:large' /> <link rel="alternate" type="application/rss+xml" title="IEEE GDPR Volunteer Dashboard » Feed" href="https://site.ieee.org/gdpr/feed/" /> <link rel="alternate" type="application/rss+xml" title="IEEE GDPR Volunteer Dashboard » Comments Feed" href="https://site.ieee.org/gdpr/comments/feed/" /> <link rel="alternate" type="text/calendar" title="IEEE GDPR Volunteer Dashboard » iCal Feed" href="https://site.ieee.org/gdpr/events/?ical=1" /> <link rel="alternate" type="application/rss+xml" title="IEEE GDPR Volunteer Dashboard » GDPR Frequently Asked Questions Comments Feed" href="https://site.ieee.org/gdpr/faqs/feed/" />     <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/site.ieee.org\/gdpr\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <link rel='stylesheet' id='tribe-events-pro-mini-calendar-block-styles-css' href='https://site.ieee.org/gdpr/wp-content/plugins/events-calendar-pro/src/resources/css/tribe-events-pro-mini-calendar-block.min.css?ver=7.3.0' type='text/css' media='all' /> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='contact-form-7-css' href='https://site.ieee.org/gdpr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=6.0' type='text/css' media='all' /> <link rel='stylesheet' id='crellyslider-css' href='https://site.ieee.org/gdpr/wp-content/plugins/crelly-slider/css/crellyslider.css?ver=1.4.6' type='text/css' media='all' /> <link rel='stylesheet' id='wib-feeds-style-css' href='https://site.ieee.org/gdpr/wp-content/plugins/vtools-webinabox-feeds/wibfeeds-style.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='ieee-wp-theme-style-css' href='https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/style.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='bootstrap3-css' href='https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/bs/css/bootstrap.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='ieeebootstrap3-css' href='https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/ieeebootstrap.css?ver=6.6.2' type='text/css' media='all' /> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3" id="jquery-ui-core-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/crelly-slider/js/jquery.crellyslider.js?ver=1.4.6" id="jquery.crellyslider-js"></script> <script></script><link rel="https://api.w.org/" href="https://site.ieee.org/gdpr/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://site.ieee.org/gdpr/wp-json/wp/v2/pages/221" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://site.ieee.org/gdpr/xmlrpc.php?rsd" /> <link rel="canonical" href="https://site.ieee.org/gdpr/faqs/" /> <link rel='shortlink' href='https://site.ieee.org/gdpr/?p=221' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://site.ieee.org/gdpr/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsite.ieee.org%2Fgdpr%2Ffaqs%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://site.ieee.org/gdpr/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsite.ieee.org%2Fgdpr%2Ffaqs%2F&format=xml" /> <script type='text/javascript'> var tminusnow = '{"now":"11\/23\/2024 09:07:22"}'; </script><meta name="tec-api-version" content="v1"><meta name="tec-api-origin" content="https://site.ieee.org/gdpr"><link rel="alternate" href="https://site.ieee.org/gdpr/wp-json/tribe/events/v1/" /> <script> document.documentElement.className = document.documentElement.className.replace('no-js', 'js'); </script> <meta name="generator" content="Powered by WPBakery Page Builder - drag and drop page builder for WordPress."/> <noscript><style> .wpb_animate_when_almost_visible { opacity: 1; }</style></noscript> <link rel="stylesheet" href="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/blue-white.css" type="text/css" media="all"> </head> <body class="page-template-default page page-id-221 tribe-no-js wpb-js-composer js-comp-ver-8.0 vc_responsive" ontouchstart=""> <div class="global-nav jumbotron"> <div class="container"> <div class="col-md-9"> <div class="pull-left"> <ul> <li> <a href="http://www.ieee.org/" class="first">IEEE.org</a> </li> <li> <a href="http://ieeexplore.ieee.org/">IEEE <em>Xplore</em> Digital Library</a> </li> <li> <a href="http://standards.ieee.org/">IEEE Standards</a> </li> <li> <a href="http://spectrum.ieee.org/">IEEE Spectrum</a> </li> <li> <a href="http://www.ieee.org/sitemap" class="last">More Sites</a> </li> </ul> </div> </div> </div> </div>  <div class="jumbotron banner"> <div class="container"> <div class="pull-right hidden-xs"> <a href="http://www.ieee.org" title="IEEE logo"> <img data-src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/images/ieee_mb_white.png" id="ieee_mb" class="img-responsive lazyload" alt="IEEE logo" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="><noscript><img src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/images/ieee_mb_white.png" id="ieee_mb" class="img-responsive" alt="IEEE logo"></noscript> </a> </div> <h1 class="site-title"><a href="https://site.ieee.org/gdpr/" rel="home">IEEE GDPR Volunteer Dashboard</a></h1> <h2 class="site-description"></h2> </div> </div>  <nav class="navbar-wrapper"> <div class="navbar navbar-default" role="navigation"> <div class="container"> <div class="navbar-header pull-left"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> </div> <a class="skip-link sr-only" href="#content">Skip to content</a> <div class="collapse navbar-collapse"><ul id="menu-main-menu" class="nav navbar-nav"><li id="menu-item-419" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-419"><a href="https://site.ieee.org/gdpr/">Home</a></li> <li id="menu-item-447" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-447"><a href="http://www.ieee.org/ouanalytics">OU Analytics</a></li> <li id="menu-item-445" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children dropdown menu-item-445"><a href="https://site.ieee.org/gdpr/list/" class="dropdown-toggle">Mailing Lists <b class="caret"></b></a> <ul class="dropdown-menu depth_0"> <li id="menu-item-480" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-480"><a href="https://site.ieee.org/gdpr/list/listserv/">Listserv</a></li> <li id="menu-item-446" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children dropdown menu-item-446 dropdown-submenu"><a href="https://site.ieee.org/gdpr/list/validate/" class="dropdown-toggle">List Validation</a> <ul class="dropdown-menu sub-menu depth_1"> <li id="menu-item-665" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-665"><a href="https://www.ieee.org/ieee-listvalidator">List Validator</a></li> <li id="menu-item-634" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-634"><a href="https://site.ieee.org/gdpr/list-validation-user-guide/">List Validation User Guide</a></li> </ul> </li> <li id="menu-item-478" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-478"><a href="https://site.ieee.org/gdpr/list/enotice/">vTools eNotice</a></li> <li id="menu-item-605" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-605"><a href="https://site.ieee.org/gdpr/bulk-upload/">Bulk Upload</a></li> </ul> </li> <li id="menu-item-466" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children dropdown menu-item-466"><a href="https://site.ieee.org/gdpr/digital-guidelines/" class="dropdown-toggle">Digital Guidelines <b class="caret"></b></a> <ul class="dropdown-menu depth_0"> <li id="menu-item-468" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-468"><a href="https://site.ieee.org/gdpr/digital-guidelines/cookie-compliance/">Cookie Collection</a></li> <li id="menu-item-528" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-528"><a href="https://site.ieee.org/gdpr/mobile-application-guidelines/">Mobile Application Guidelines</a></li> <li id="menu-item-558" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-558"><a href="https://site.ieee.org/gdpr/social-media-compliance/">Social Media Compliance</a></li> </ul> </li> <li id="menu-item-546" class="menu-item menu-item-type-post_type menu-item-object-page current-menu-ancestor current-menu-parent current_page_parent current_page_ancestor menu-item-has-children dropdown active menu-item-546"><a href="https://site.ieee.org/gdpr/training/" class="dropdown-toggle">Training & FAQs <b class="caret"></b></a> <ul class="dropdown-menu depth_0"> <li id="menu-item-380" class="menu-item menu-item-type-post_type menu-item-object-page current-menu-item page_item page-item-221 current_page_item active menu-item-380"><a href="https://site.ieee.org/gdpr/faqs/">GDPR Frequently Asked Questions</a></li> </ul> </li> <li id="menu-item-572" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children dropdown menu-item-572"><a href="https://site.ieee.org/gdpr/policies-terms-conditions/" class="dropdown-toggle">Policies/Terms & Conditions <b class="caret"></b></a> <ul class="dropdown-menu depth_0"> <li id="menu-item-625" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-625"><a href="https://www.ieee.org/ieee-data-access-and-use-policy.html">IEEE Data Access and Use Policy</a></li> <li id="menu-item-531" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-531"><a href="https://www.ieee.org/conferences/event-terms-and-conditions.html">IEEE Events Terms & Conditions</a></li> <li id="menu-item-629" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-629"><a href="http://site.ieee.org/gdpr/files/2021/11/IEEE-Presenter-Speaker-Consent-and-Release-1.pdf">IEEE Presenter/Speaker Consent and Release</a></li> <li id="menu-item-475" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-475"><a href="https://www.ieee.org/security-privacy.html">Privacy Policy</a></li> <li id="menu-item-563" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-563"><a href="https://brand-experience.ieee.org/guidelines/digital/social-media/">Social Media Policy</a></li> </ul> </li> <li id="menu-item-594" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-594"><a href="https://site.ieee.org/gdpr/privacyportal/">Privacy Portal</a></li> </ul></div> </div> </div> </nav> </header> <div id="content" class="site-content"> <div id="primary" class="container page-content"> <main id="main" role="main"> <div class="row"> <div class="col-md-12"> <ol class="breadcrumb"><li><a href="http://site.ieee.org/gdpr">Home</a></li><li class="active"> GDPR Frequently Asked Questions</li></ol> <h1>GDPR Frequently Asked Questions</h1> <p><strong><i>What is GDPR?</i></strong></p> <p><span style="font-weight: 400">The General Data Protection Regulation (GDPR) applies to all companies processing the personal data of people in the EU, regardless of the company’s location. Compliance with this regulation has been in effect since 25 May 2018.</span></p> <p><span style="font-weight: 400">The intent of GDPR is to give individuals (who are known in the regulation as “Data Subjects”) control of their </span><b>personal data.</b><span style="font-weight: 400"> For many activities, this requires IEEE to get </span><b>consent</b><span style="font-weight: 400"> from or provide notification to a person in order to be able to use their personal data. (see FAQ, “What is consent?”). There are other ways to lawfully process personal data – see FAQ, “Is Consent the only way to lawfully process personal data under GDPR”. </span></p> <p><span style="font-weight: 400">For IEEE, that means data about anyone who interacts with us, including members, customers, potential customers, and so on may be covered by GDPR.</span></p> <p><span style="font-weight: 400">All IEEE activities must comply with this regulation, and any other applicable data privacy regulations (such as HIPAA and CASL, Canada’s Anti-Spam Law) currently in effect</span><span style="font-weight: 400">.</span></p> <p><span style="font-weight: 400">IEEE is considered a </span><b>Data Controller </b><span style="font-weight: 400">because it is an entity that determines the purposes, conditions, and means of the processing of personal data. IEEE staff must also comply with data privacy regulations.</span></p> <p> </p> <p><strong><i>What is personal data?</i></strong></p> <p><span style="font-weight: 400">Personal data is defined as any information relating to an identified or identifiable person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to information such as a name, telephone number, email address, location data, IP address or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.</span></p> <p><span style="font-weight: 400">Some personal data may be considered “sensitive” and require special care such as encryption. Sensitive data includes categories such as:</span></p> <ul> <li style="font-weight: 400"><span style="font-weight: 400">Racial or ethnic origin</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Political opinions</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Religious or philosophical beliefs</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Trade union membership</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Genetic data</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Biometric data for the purpose of uniquely identifying a natural person</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Data concerning health or a natural person’s sex life and/or sexual orientation</span></li> </ul> <p><span style="font-weight: 400">Anyone collecting sensitive personal data should also consider the need for the collection, processing, and storage of that data, and determine if it is truly necessary. Because IEEE volunteers conduct much of the activity of the organization, this includes any work that brings volunteers in contact and control of personal data. </span></p> <p><span style="font-weight: 400">Additionally, these requirements would apply to third-party sources of personal data such as event registration vendors, market research companies we’ve contracted with, and the like. The current version of IEEE’s Master Service Agreement, available on the </span><a href="http://inside.ieee.org/content/finance-and-administration/controller-s-office/strategic-sourcing/96567"><span style="font-weight: 400">IEEE Strategic Sourcing contracts template page</span></a><span style="font-weight: 400">, includes the required language. </span></p> <p><strong><i>What is </i><i>Consent</i><i>?</i></strong></p> <p><span style="font-weight: 400">For privacy purposes, we ask people if we may use their data for specific purposes. At IEEE (and at many other companies), we list how a person’s data will be used (at a high level) in our Privacy Policy, then ask each person to accept that policy. This acceptance becomes their consent for the uses outlined in the Privacy Policy.</span></p> <p><span style="font-weight: 400">Related information:</span></p> <ul> <li style="font-weight: 400"><span style="font-weight: 400">You can find the IEEE Privacy Policy as a link on many of our web sites’ home pages.</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Consent is not required for many uses of a person’s data. For example, if a person purchases an IEEE membership (or IEEE product, etc.) , IEEE will provide member services that are included with the membership. See FAQ, “Is Consent the only way to lawfully process personal data under GDPR?”, for more detail.</span></li> <li style="font-weight: 400"><span style="font-weight: 400">In addition to consent, some IEEE groups provide granular subscriptions (opt-in or opt-out). For example, an individual may accept the Privacy Policy but opt out of emails. See FAQ on subscriptions for more information.</span></li> </ul> <p><strong><i><br /> At IEEE, does GDPR apply just to data from people in the EU?</i></strong></p> <p><span style="font-weight: 400">Because protecting privacy is important to IEEE and to ensure all relevant data is covered, we made the decision to work to apply the protections of GDPR to all personal data, regardless of the geographic source of that data. </span></p> <p><i><span style="font-weight: 400">What are the risks and consequences if IEEE does not comply with GDPR? </span></i></p> <p><span style="font-weight: 400">Not complying with GDPR brings both reputational and financial risk to IEEE. If we do not adequately protect personal data, individuals may be reluctant to engage with IEEE. In addition, the regulation does provide for significant financial penalties for non-compliance. EU regulators have the authority to levy a fine in an amount that is up to the GREATER of €20 million (well over $20 million US) or 4% of global annual turnover in the prior year. </span></p> <p><i><span style="font-weight: 400">How is IEEE collecting consent to use people’s data?</span></i></p> <p><span style="font-weight: 400">For IEEE, the primary method of getting consent is through acceptance of the IEEE Privacy Policy. The Privacy Policy describes a number of ways that IEEE </span><span style="font-weight: 400">may</span><span style="font-weight: 400"> use personal data, including categories such as:</span></p> <ul> <li style="font-weight: 400"><span style="font-weight: 400">To communicate with you about a meeting, conference, or event</span></li> <li style="font-weight: 400"><span style="font-weight: 400">To administer products</span></li> <li style="font-weight: 400"><span style="font-weight: 400">To process transactions</span></li> </ul> <p><span style="font-weight: 400">We are collecting acceptance to the Privacy Policy through many interaction points (such as when members join or renew, when a person registers for an event, etc.). For the most part, anytime we are collecting personal data, we should be collecting acceptance of the Privacy Policy or confirm that the individual has already accepted it.</span></p> <p><span style="font-weight: 400">In addition to the Privacy Policy, some activities may have separate terms and conditions that individuals must accept. For example, when signing up for automatic renewal of membership, individuals must accept terms and condition about charging of their credit card and that all selected memberships will be automatically renewed. Similarly, joining IEEE or registering for conferences will have specific terms and condition that need to be accepted.</span></p> <p><span style="font-weight: 400">In order to efficiently collect acceptance data,, we have begun using a centralized Consent Management System. This tool can be integrated into websites and applications. For more details, see the information below on integrating the IEEE Consent Management System into your websites. This system will be our foundation to track and manage consent, subscriptions, and other points of user information. If you are working on an activity or event that has terms and conditions, you need to pass that information to the consent management system.</span></p> <p><span style="font-weight: 400">Any application that uses Single Sign On will already confirm whether or not a person has accepted the Privacy Policy.</span></p> <p><i><span style="font-weight: 400">Is </span></i><i><span style="font-weight: 400">Consent</span></i><i><span style="font-weight: 400"> the only way to lawfully process personal data under GDPR?</span></i></p> <p><span style="font-weight: 400">No, the GDPR specifies a number of allowable reasons for processing personal data, including contractual obligations and legitimate interests. </span></p> <p><b><br /> Contractual Obligations</b><span style="font-weight: 400">: It may be necessary to process some personal data to meet your contractual obligations with a member or customer. For example, when people order a digital product, you need their email address to deliver it.</span></p> <p><b>Legitimate Interest</b><span style="font-weight: 400">: You may able to use personal data in ways people would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. </span></p> <p><span style="font-weight: 400">For example, organizations such as IEEE have legitimate interest in protecting against piracy and IP theft. To do so, we may track excessive downloads from IEEE </span><i><span style="font-weight: 400">Xplore</span></i><span style="font-weight: 400">, which may include capturing some personal data such as IP address. Similarly, we may rely on consent (that is, acceptance of the Privacy Policy) for our marketing communications, but may rely on legitimate interests to justify analytics to inform our marketing strategy and to enable it to enhance and personalise the “consumer experience” we offer customers and members.</span></p> <p><span style="font-weight: 400">When using legitimate interest as the reason for processing personal data, we need to document the reasoning behind that, prior to doing so. This documentation would include:</span></p> <ul> <li style="font-weight: 400"><span style="font-weight: 400">Purpose test – is there a legitimate interest behind the processing or communication?</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Necessity test – is the processing necessary for that purpose?</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Balancing test – is the legitimate interest overridden by the individual’s interests, rights or freedoms?</span></li> </ul> <p><span style="font-weight: 400">The test for legitimate interest will be applied as appropriate by the GDPR Taskforce on behalf of the business to ensure that they are completed correctly and we have a record of their applicability. Individual business groups should contact IEEE’s DPO if they have any questions.</span></p> <p> </p> <p><strong><i>What rights does someone have under the GDPR?</i></strong></p> <p><span style="font-weight: 400">Under GDPR, individuals may have certain rights to control their personal data. Key among these are:</span></p> <ul> <li style="font-weight: 400"><span style="font-weight: 400">Right to be Forgotten/Erasure: Individuals may require IEEE to erase their personal information from databases. </span></li> <li style="font-weight: 400"><span style="font-weight: 400">Right to Access/Data Portability: Individuals have the right to know what data we have on them and if asked, Data Controller must provide a copy of personal data in a commonly used and machine readable electronic format.</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Right to Rectification: Individuals have the right to correct or supplement incomplete or incorrect information.</span></li> <li style="font-weight: 400"><span style="font-weight: 400">Right to Object: Individuals have the right to object to the processing or use of their data, including direct marketing.</span></li> </ul> <p><span style="font-weight: 400">If an individual wishes to avail themselves of these rights, they need to send an email to </span><a href="mailto:privacy@ieee.org"><span style="font-weight: 400">privacy@ieee.org</span></a><span style="font-weight: 400"> with the phrase “GDPR Request” in the subject line. </span></p> <p><span style="font-weight: 400">This email will trigger a process that as been developed to roll this request out to all OUs to determine what information we have on that individual and how we can respond to their request.</span></p> <p><span style="font-weight: 400">All staff and volunteers managing personal data may then be required to search their data for the individual making the request, take the needed action (e.g., delete, make a copy, etc.), and report back the staff lead for Data Subject Requests in their OU. </span></p> <p><i><span style="font-weight: 400"><br /> <strong>How do I determine if I can send an email to a list of people?</strong></span></i></p> <p><span style="font-weight: 400">IEEE has a number of tools that can be used to communicate with members or customers and still ensure we remain compliant. IEEE systems or services such as the self-managed </span><a href="http://enotice.vtools.ieee.org/"><span style="font-weight: 400">vTools eNotice</span></a><span style="font-weight: 400"> or staff-managed BDRS have the ability to confirm acceptance of the privacy policy and only send emails to individuals who have indicated acceptance.</span></p> <p><span style="font-weight: 400">For other lists, IEEE has developed a List Verification tool for staff and volunteers that can compare email addresses to the master database of those that have accepted the privacy policy. Information for that tool is </span><a href="http://site.ieee.org/gdpr/list/validate/"><span style="font-weight: 400">available on List Validator link on the GDPR Resource Page</span></a><span style="font-weight: 400">.</span></p> <p><span style="font-weight: 400">Specific guidelines are being developed to help volunteers and staff to understand when it is appropriate to communicate with users based on interactions beyond consent. These will also include when not to include someone in generalized marketing outreach.</span></p> <p> </p> <p><strong><i>If I collect data offline or from a tool not connected to the consent management system, how do I get that consent into the Consent Management System?</i></strong></p> <p><span style="font-weight: 400">IEEE has developed a List Upload tool that staff and volunteers can use to add the information of those that have accepted the privacy policy to the master database. </span></p> <p><span style="font-weight: 400">Instructions for using the tool will be <a href="http://site.ieee.org/gdpr/list/validate/">available on List Validator link on the GDPR Resource Page</a>.</span></p> <p> </p> <p><strong><i>How do I handle </i><i>data breaches</i><i>?</i></strong></p> <p><span style="font-weight: 400">A data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, </span><span style="font-weight: 400">personal data</span><span style="font-weight: 400"> transmitted, stored or otherwise processed.” This could include a lost or stolen laptop that contains personal data, the accidental emailing of personal data to non-authorized users, and so on.</span></p> <p><span style="font-weight: 400">Under GDPR, IEEE has only 72 hours to notify EU authorities after discovering a data breach, so rapid action is important. If you suspect a data breach, immediately contact the IEEE IT Security Team at </span><a href="mailto:IT-Security@ieee.org"><span style="font-weight: 400">IT-Security@ieee.org</span></a><span style="font-weight: 400">.</span></p> <p> </p> <p><strong><i>What do I need to do for websites I manage?</i></strong></p> <p><span style="font-weight: 400">There are two key actions that website owners should take. First, IEEE websites need to display a specific cookie notice when people first visit that website. This banner alerts people when they first visit a website that we are using cookies and provides a link to the privacy policy.</span></p> <p><span style="font-weight: 400">Instructions for adding the cookie banner are available <a href="http://site.ieee.org/gdpr/website-requirements/cookie-compliance/">Cookie Collection link </a></span><span style="font-weight: 400">on the IEEE GDPR Resources Page</span><span style="font-weight: 400">. </span></p> <p><span style="font-weight: 400">Secondly, for websites that collect personal data, website managers should connect to the IEEE Consent Management System. instructions are available on the IEEE GDPR Resources Page. </span></p> <p> </p> <p><strong><i>Can Anonymization, Pseudo-anonymization, and Encryption help?</i></strong></p> <p><span style="font-weight: 400">Yes, if correctly done. Anonymization, where it is no longer possible to identify specific individuals, takes that data out of the scope of GDPR.</span><span style="font-weight: 400"> Nonetheless, if appropriate, data should be anonymized.</span></p> <p><span style="font-weight: 400">Pseudo-anonymization, where an individual can only be identified with additional information (such as a token or a look-up table) can be an important part of privacy by design and reduce the risk of leaking personal data. However, that data is still under the scope of GDPR. </span></p> <p><span style="font-weight: 400">Similarly, encryption, while not mandatory under GDPR, is another tool that we can use to protect personal data. This includes such practices as only transmitting personal data through secure methods. For example, using sFTP rather than FTP, encrypting laptops or portable storage devices that contain personal data, ensuring websites use “https” rather than “http,” and so on.</span></p> <p> </p> <p><i><span style="font-weight: 400"><strong>What is Do Not Track (DNT)?</strong> </span></i></p> <p><span style="font-weight: 400">When you browse the web on computers or mobile devices, you can send a request to websites not to collect or track your browsing data. It’s turned off by default. However, what happens to your data depends on how a website responds to the request. Many websites will still collect and use your browsing data to improve security, provide content, services, ads and recommendations on their websites, and generate reporting statistics.</span></p> <p><span style="font-weight: 400">There is currently no standard for how DNT consumer browser settings should work on commercial websites. If users enabled the DNT signal in their browser, their browsing history and other information should not be collected, but there are no legal or technological requirements for the use of DNT. Websites and advertisers may either honor or ignore DNT requests.</span></p> <p><span style="font-weight: 400">IEEE currently does not honor the DNT settings as we use cookies, we capture information required for our websites to function normally, and this is required to do business including security of our systems, capturing analytics using webtrends, google analytics and other tools used across the enterprise. We also don’t have control over the third parties that are integrated with our websites.</span></p> <p><strong><i>How do I get more information on GDPR and how IEEE is complying with it?</i></strong></p> <p><span style="font-weight: 400">For further information, please visit the </span><a href="http://site.ieee.org/gdpr/"><span style="font-weight: 400">IEEE GDPR Resources page</span></a><span style="font-weight: 400">.</span></p> <p> </p> <p><span style="font-weight: 400">Contact Information:<br /> privacy@ieee.org<br /> </span><span style="font-weight: 400">IEEE<br /> </span><span style="font-weight: 400">445 Hoes Lane<br /> </span><span style="font-weight: 400">Piscataway, NJ 08854 USA</span></p> <p><strong><i>Glossary of Terms</i></strong></p> <p><span style="font-weight: 400">Data Subject: A person who has data from the European Union (EU) or from Iceland, Norway, or Liechtenstein</span></p> <p><span style="font-weight: 400">Data Subject Request: A formal request by an individual from the EU to avail themselves of their rights under GDPR such as obtaining copies of their data, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format so it can be moved to another controller (another person or organization that controls the individual’s personal data).</span></p> <p><span style="font-weight: 400">Personal Data: Any information relating to an identified or identifiable person (known in GDPR terminology as a ‘data subject’)</span></p> <p><span style="font-weight: 400">GDPR: The European Union General Data Protection Regulation, a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).</span></p> <p> </p> <p> </p> <p><span style="font-weight: 400">Date: </span><span style="font-weight: 400">18 June 2018 </span>Ver 1.0</p> </div> </div> <div class="row"> <div class="col-md-12 hidden-md hidden-lg hidden-xl"> <div role="menu" class="list-group" id="secondary-nav-container"> </div> </div> </div> <footer class="entry-meta"> </footer> <hr class="clear"> </main> </div> </div>  <div class="the-wedge-bottom"></div> <div class="jumbotron footer">  <div class="container"> <div class="row"> <footer> <div class="col-md-10 pull-left"> <ul> <li> <a href="https://site.ieee.org/gdpr" title="Home">Home</a> </li> <li> <a href="http://www.ieee.org/about/contact_center/index.html" title="Contact & Support">Contact & Support</a> </li> <li> <a href="http://www.ieee.org/accessibility_statement.html" title="Accessibility">Accessibility</a> </li> <li> <a href="http://www.ieee.org/about/corporate/governance/p9-26.html" title="Nondiscrimination Policy">Nondiscrimination Policy</a> </li> <li> <a href="http://www.ieee-ethics-reporting.org" title="IEEE Ethics Reporting">IEEE Ethics Reporting</a> </li> <li> <a target="_blank" href="https://www.ieee.org/security_privacy.html" title="IEEE Privacy Policy">IEEE Privacy Policy</a> </li> <li> <a href="https://www.ieee.org/about/help/site_terms_conditions.html">Terms</a> </li> </ul> <p> IEEE GDPR Volunteer Dashboard<br /> © Copyright 2024 IEEE – All rights reserved. A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. </p> </div> <div class="col-md-2 pull-right"> <p> <a href="http://www.ieee.org" title="IEEE"> <img data-src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/images/ieee_mb_black.png" id="ieee_mb" class="img-responsive lazyload" alt="IEEE" src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="><noscript><img src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/images/ieee_mb_black.png" id="ieee_mb" class="img-responsive" alt="IEEE"></noscript> </a> </p> </div> </footer> </div> </div> </div> <script> ( function ( body ) { 'use strict'; body.className = body.className.replace( /\btribe-no-js\b/, 'tribe-js' ); } )( document.body ); </script> <script> /* <![CDATA[ */var tribe_l10n_datatables = {"aria":{"sort_ascending":": activate to sort column ascending","sort_descending":": activate to sort column descending"},"length_menu":"Show _MENU_ entries","empty_table":"No data available in table","info":"Showing _START_ to _END_ of _TOTAL_ entries","info_empty":"Showing 0 to 0 of 0 entries","info_filtered":"(filtered from _MAX_ total entries)","zero_records":"No matching records found","search":"Search:","all_selected_text":"All items on this page were selected. ","select_all_link":"Select all pages","clear_selection":"Clear Selection.","pagination":{"all":"All","next":"Next","previous":"Previous"},"select":{"rows":{"0":"","_":": Selected %d rows","1":": Selected 1 row"}},"datepicker":{"dayNames":["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],"dayNamesShort":["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],"dayNamesMin":["S","M","T","W","T","F","S"],"monthNames":["January","February","March","April","May","June","July","August","September","October","November","December"],"monthNamesShort":["January","February","March","April","May","June","July","August","September","October","November","December"],"monthNamesMin":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"nextText":"Next","prevText":"Prev","currentText":"Today","closeText":"Done","today":"Today","clear":"Clear"}};/* ]]> */ </script><script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-before"> /* <![CDATA[ */ var wpcf7 = { "api": { "root": "https:\/\/site.ieee.org\/gdpr\/wp-json\/", "namespace": "contact-form-7\/v1" }, "cached": 1 }; /* ]]> */ </script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0" id="contact-form-7-js"></script> <script type="text/javascript" id="countdown-script-js-extra"> /* <![CDATA[ */ var tCountAjax = {"ajaxurl":"https:\/\/site.ieee.org\/gdpr\/wp-admin\/admin-ajax.php","countdownNonce":"8ae6d3feeb"}; /* ]]> */ </script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/jquery-t-countdown-widget/js/jquery.t-countdown.js?ver=2.4.0" id="countdown-script-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/bs/js/bootstrap.min.js?ver=3.1.0" id="bootstrapjs-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/js/jquery.menu-aim.js?ver=20140310" id="jquery-menu-aim-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/js/theme-tools.js?ver=20140310" id="ieee-wp-theme-tools-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/themes/wptemplate_2023/js/skip-link-focus-fix.js?ver=20130115" id="ieee-wp-theme-skip-link-focus-fix-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-includes/js/comment-reply.min.js?ver=6.6.2" id="comment-reply-js" async="async" data-wp-strategy="async"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7" id="page-links-to-js"></script> <script type="text/javascript" src="https://site.ieee.org/gdpr/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.16.9" id="smush-lazy-load-js"></script> <script></script> </body> </html>