General Data Protection Regulation (GDPR)

Back to Policies & guidelines

GDPR stands for General Data Protection Regulation and was brought into effect on 25 May 2018.

The GDPR is a European Union regulation designed to give individuals in the EU control over the personal data held by organizations. The regulation stipulates the responsibilities of organizations with respect to the collection, storage, sharing, transfer, and retention of personal data.  Further detail can be found on the official website of the Information Commissioners’ Office (ICO).

Why is this important to you as an editor?

As a journal editor, you have access to the personal data of authors, reviewers, and other editors who are part of the publishing program for your journal.  To allow us to publish an authors’ article, we need to capture certain elements of personal data.  This personal data includes:

  • Title (e.g. Mr, Miss, Mrs)
  • Name
  • Email Address
  • Institutional affiliations
  • Postal Address
  • Phone number

Your obligations under GDPR

In your capacity as an editor, you have access to this personal data via Taylor & Francis Editorial platforms.  It’s important that you understand the reasons why this personal data is captured, and how it fits into our business relationship with the individual.  We only capture personal data to allow us to publish the authors’ article.  This data should only be used to support the process of publishing this article. As an editor, you have a duty of care in the way you handle this personal data, and have responsibility to keep this personal data secure.  Please see below a series of recommendations on how to keep this personal data secure and limited to only authorized use.

How can I protect any personal data I may handle?

  • Avoid extracting information from the peer review system unless it’s in support of the process of publishing articles in your journal.
  • Ensure that all data extracted from your peer review system is saved in a password protected file format. This means that all reports you receive that contain personal data must be password protected within the document. For more information about how to password protect Excel Spreadsheets see this website.
  • Ensure that personal data isn’t shared with anyone who wouldn’t reasonably be expected to have access. For example, it is reasonable to assume that a Taylor & Francis employee would have access to the personal data of authors and reviewers in your peer review system. It wouldn’t be reasonable to assume that one of your colleagues would have access to a specific author or reviewer’s email address unless they were already in contact with them. If you are asked to provide information about an author to someone who doesn’t work for your journal or your publisher, please refer their request to the managing editor for your journal.
  • Ensure that the data in your peer review system isn’t used to populate any mailing lists. There are strict rules around marketing communications and many emails that may not be considered “direct marketing” would fall foul of these rules. If you wish to send a communication to all your authors or reviewers, please contact your Global Peer Review contact at Taylor & Francis.

What are the specific restrictions?

Under GDPR we have stringent obligations to ensure that our users’ data is only used for the purposes that we outline in our privacy policy and that we don’t use their data for any purpose beyond what they might reasonably expect based on the service or product they are using from our business.

We also undertake searches for new reviewers and these are added to our databases for invitation to review manuscripts, as this forms a core part of running a journal. These individuals are still able to decline the invitation, and additionally request that they are not invited in the future. If you are unsure how to remove a reviewer from appearing in your reviewer searches, please contact [email protected] with the name and email address of the person who has requested removal from your database.

I’m not an EU citizen so why does this matter?

While you may not be based in the EU, if you deal with authors, reviewers or even fellow editors who are based in the EU then they will be covered by GDPR.