The General Data Protection Regulation (GDPR, 2016/679/EE) and the (Big) Personal Data in Cultural Institutions: Thoughts on the GDPR Compliance Process

This paper addresses GDPR in cultural heritage and memory institutions handling (Big) personal data. We discuss the compliance’s necessity, common risk factors, needs to be taken into account, and we propose a GDPR process of phases and deliverables.