GDPR Compliance

I have experienced several times that various companies purchased databases of e-mail addresses and other information about persons who may be potential customers of their commodities. Those companies used that information to send them their mail campaigns. Sometimes they receive information about clients that are retired, young, athletes or sorted according to various criteria. Many people asked themselves how they do now that I am retired recently or that I my kids just enrolled in secondary school. Many people felt embarrassed and confused after they realized that their privacy is not protected and that their private information is distributed to third parties without their consent.

Search engines often allowed anyone to easily find information about people that are registered in any on line system.

Sometimes journal editors while entering archives of previous issues of their journals, articles and information about authors in web applications such as OJS are faced with repetitious work of entering information about some authors.  Some of them asked developers to develop plugin which will enable that will enable them to have drop down list of users so they can easily select user and insert it in list of authors of some scientific article. They did not have any intention of making public that list or to use that feature anywhere except in administration panel of their web applications. But, their benevolent intention can in some contexts produce unpleasant consequences for some authors.  Thus, it is needed that privacy is protected by design not just by possible honest intentions of people who use data about other people.

Numerous complaints in previous years motivated legislators in the EU to pass by very strict rule that will protect data about people. The EU adopted General Data Protection Regulation.

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”  It will have very strong impact on entities within EU and those which store and use information of the citizens of the countries that are the EU members. The EU General Data Protection Regulation (GDPR)  was approved by the EU Parliament on April 14, 2016 and enforcement day is May 25, 2018.  Organizations in non-compliance can face heavy fines.  It is important to read part on extra-territorial applicability which reads:

“Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process ‘in context of an establishment’. This topic has arisen in a number of high profile court cases. GPDR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU. ”

There is still time to be prepared and in order to do so properly please read the text of adopted text of The EU General Data Protection Regulation (GDPR).



Manuals for Open Journal Systems

I have found that many editorial boards struggle with a lack of concise instruction materials and a lack of people who can train them with hands-on approach.  They usually find some solutions in on-line forums, but it is time consuming for editorial boards to spend so much time and look for partial information. Sometimes people who write manuals do not explain each step.  Several people contacted me and asked: “What I have to do now?  Something is missing.”

System administrators, software developers assume that what is easy to them it should be easy to everyone.  They plan training to be done in one evening because “It is easy. ” In my experience, I often found out that such practice leads to misconfiguration of application, underuse of its features,  mistakes in performing workflow tasks and procedures.  Work with applications as the Open Journal Systems is not hard but it is complex and it takes some time until user is familiar with its functionality and simple procedures for configuration and efficient use.

I wrote manuals for authors, editorial boards and reviewers for scientific journals according to their needs.

You can find here manual for authors, editorial boards, and reviewers.

I will publish here soon manual that puts together some basic administrative and editorial functions aimed to successful configuration of your Open Journal Systems application for your journal.


A number of virtual machines on one server

I have been recently invited by high level officials of one institution to help them to publish several journals on line.  Indeed, I recommended them to use Open Journal Systems which they gladly accepted.

They showed me their server, but one of high officials said: “You know, we do not have anyone who knows Linux.  We heard that you know it. we have on our server several installations for different web platforms, but we do not have idea how to fix several small issues and how to make everything work smoothly.”  I looked at each of those GNU/Linux installations and realized that many of them are installed as desktop machines with some additional applications such as web server, PHP, MySQL etc. But, many of those installations were lacking several dependencies resulting that some modules in web applications did not work. People who installed them were elsewhere and they did not have any documentation on settings, active services, software package versions and other important information related to virtual machines with operating systems and web applications installed on them.

I suggested to them that is necessary somehow to standardize those installations and choose GNU/Linux distribution that is efficient and easy to administer and migrate web applications to newly installed virtual machines and create documentation with precise information on operating system version, versions of important applications and infrastructure requirements. Those specifications will help administrator to manage backups, upgrades, maintenance, testing instead of guessing where is which application  and with what other application is or is not compatible.  They were scared since they were not sure how to do that and how many work hours is needed for that. Well, that will save a number of work hours of saving damaged or corrupted data, misbehaving applications or consequences of compromised virtual machines due to software packages that were not upgraded when needed.

Thanking to experience and knowledge of free software developers and users of GNU/Linux and many other free software applications it is possible to plan, project and implement whole infrastructure and web applications in a way that can assure users and administrators that everything will work smooth.

It is needed to take care on:

  • scalability
  • security
  • easy of use
  • ease of quality administration
  • price
  • maintenance
  • documentation
  • backups

We can add more criteria and discuss all of them which is beyond scope of this post. But, I want to stress importance that free software, open access are not just sandbox for benevolence and good will.  It is rather, very serious activity and require a lot of work in order to make sure that users of information and knowledge we publish on web applications designed for open access publishing  will have positive experience that will help them to learn.



Licensing – Open Access

In my work with editorial boards of scholarly journals I found often that they support idea of open access in general. But, it is not clear always that licensing itself from the legal point of view may be quite complex.  Heads of scientific libraries and editorial boards sometimes discuss for long time issues related to licensing issues.  Sometimes that takes too much time since their lawyers sometimes say:  “That license gives you framework for implementation of open access ideas, but in our legislation it will be hard to make defense at the court. ” Well, it might be quite useful to have close cooperation with lawyers, NGOs and other people involved in the development of legislative efforts and translate Creative Commons license and do necessary steps so it can be accepted and accepted in legislation in your country.

In some countries people register their work in national copyright agencies, but absence of registration does not imply absence of protection and copyright.

One of successful and viable licensing practices is to choose appropriate Creative Commons licenses for article, data set, images or other article components.  Scientists who would publish source code of software used and created in research may use free software licenses. Please note that license does not relate to the content on images, video in terms of privacy and other potential legal issues.  For example, video showing a woman doing breast self-exam can be from the point of video authoring protected by Creative Commons. But if video shows face of the woman showed in video recording her privacy is violated if she had not given clear consent for that previously.

Editorial boards and librarians should often visit the website of EIFL.  They made very useful Handbook on Copyright and Related Issues for Libraries.  Those who would like to learn more on use of Creative Commons and what users can do with Creative Commons licenses please visit page with information on webinar related to that topic.  Knowledge acquired from those resources can help you to be more efficient, productive and safe in your publishing efforts. Your administrator can insert appropriate licensing information in published content.

The Open Journal Systems can insert licensing information in the article metadata  automatically and save your effort and time.


Administrator should take care on technical matters, I will do the science?

Information and communication technologies are very complex and it is not easy for everyone to master all aspects of on line publishing. That is true. Isn’t it!

Surely, there is some sort of division of labor requested too. But, lessons drawn from experience show that only intensive, open and productive communication and collaboration between administrator and editorial board will produce good result. The both work on a common task.  There is no search engine optimization or graphically appealing theme that should do work instead of academic rigor. in addition, if there is academic rigor and hard work and dedication of editorial board, the journal will not be visible if the system is often down. Even, much beyond that polarization of (a lack of ) success only mutual understanding of technology, editorial needs, plans, ambitions is something that creates ground for success.

We do not have server. How we can test on line publishing?

Many journals do not have resources to purchase web hosting plans. Before they make decision to move forward, check what is good for them, what to put in the project proposal to donors it is highly recommended to check web platform such as OJS on your local computer.

You can use one of popular prepacked and configured platforms such as XAMPP which will let you install OJS and check it how it works.  You can download OJS  and install it. There is a plenty of resources on using XAMPP on YouTube.

Install it and ask people on forum to help you to learn more about the system. I know people who have had positive experience with checking some platform locally before going fully on-line.  When I work with editorial boards I always suggest and help them to install it locally and then with better insight and proper planning to conceptualize their OA publishing policy.

People who planned on line use of ATutor and/or OJS in my experience benefited a lot from checking those applications locally.  Do not be shy, move forward and ask for help.  Asking is not shame. That is core of community support!

How to start open access publishing?

laptop with headphones

Many people asked me how to start open access publishing.  My answer was often like this: Let’s go! Do it!

Indeed, I still think the same. But, I would add to that answer:  The preparation is more than 70% of work.

Huh! What does that mean?, someone may ask.

Since I have been many times involved in fixing issues caused by bad or missing preparation I will list below important questions that you should take into consideration before you start. Well, that preparation will be more than start!  Time that you spend in preparatory activities is not lost if preparation is well done.  The points that I am listing below will help you to do that properly.

Do we have sufficient information on web platform that we will use for publishing?

Note: Web platforms for publishing are not “sites” with static pages. If you need site with a plenty of information maybe you should consider creating a separate site.

Should we use OJS, E-Prints or some other? Are they made for the same purpose?

Note: You should list the standard specifications that your platform should comply with and check what is the main purpose of what you want to do.  It is better to ask several people than use something that you do not need and later on do a huge work twice.

Do we have good quality information with one or more hosting companies/IT department of our institution?

Note: You should take into consideration that web applications developed for storage of a large number of files use a lot of space out of public_html folder and that some hosting companies/IT departments are not willing/prepared to create account for you that will store out of public_html 20GB of data and just 100MB within public_html.  Prepare list of questions to hosting company/IT department and carefully read their replies to your questions before making any decision on hosting your web platform for OA.

What kind of control panel hosting company/IT department will prepare for you?  Are you skilled and trained to use them?  Do they give you sufficient control?

Note:  Some control panels are not sufficiently known and many people do have difficulties using them. For example, I found that many admins did have difficulty setting up Sentora to give sufficient permissions for storing data outside of public_html safely. Or, hosting companies do not give you right to modify that part of your account.  That could be troublesome and you may need additional skills to handle that safely.

How many articles we plan to publish on line?  Do we have thousands of articles or just we want to start with issues we published last year?  Note:  You have to bear in mind that many systems make two or more copies of your files/articles in the system during review process. Consequently, 530MB of data that you have got will take much more space on the server.

Are those articles scanned or we have them as recently produced .pdf files or in some other format? Are the scans of good quality?  Can we read math, chemical or other scientific symbols? Are there articles with announcements and advertisements in the middle of text?  Do we have articles that are continued on some other pages?  Are their pieces put together?  Do we have available software to handle those files?

Do we want to enable our riders to pay subscription on line? Do we want to let authors to pay publication fee on line?  Do we have communication with our partner bank and clear instructions how to do that? Are there any costs for that? Is that defined in our legislation?  Can we provide invoice to authors that need to document their expenses to supporting agency?

Do we have people who are trained or willing to be trained to set up properly web application that we will use and to upload files and complete all necessary forms for metadata, about authors and contributors?  What time they will need to do that?

Note: Lessons drawn from experience often say that it is needed more time than we think at the beginning since it is very important to do the job properly. If metadata, authors names and affiliations etc. are not done properly the readers can be confused and misinformed which is contrary of what we want to do.

Are we able to pay those who will enter all data and upload files? Are they really able to volunteer and do a huge work properly?  Did we check our printed issues in the last couple of years to determine what information should be entered in web application? What are the names of sections?  Who are the section editors? Can we contact them? Do we want to write a list of instructions that will be given to those who will enter data? Do we have a person who will supervise and check accuracy of entered data?   Can we expect some legal actions if  some data is not entered properly?

Note: It is normal that journal in their history change  names, editorial policies, copyright policy, topics, supporters etc.  Sometimes journals do have different names for the same topic/section in journal. I have found several times that there is section Errata, Erratum, Corrigenda which actually describe the same thing or that publisher was changed.  Is there decision how to enter data in those cases?  Do we have consensus on that?

Do we want to have some other applications on account on server? What kind/version of infrastructure they require? Can we make that to work easily?  Do their requirements create conflicts with our open access publishing application?