As many of you will be aware, GDPR has come into effect from May this year.
Jisc ran an event last year, and the notes and videos from may well be of interest
https://www.jisc.ac.uk/events/gdpr-conference-06-dec-2017

If you need help identifying what personal data is held on your EPrints repository then get in touch.

What information does EPrints store about individuals in the repository?
We can supply details on what the user accounts store, which is likely what is needed as this relates to your staff, past and present. Information about individuals more generally, such as externals, will only be held in the publication records, and while we can supply this too, its likely only name and email address.

How do we find out what information is stored for a given individual?
Most information in the system can be queried by the Admin searches, Item search (for publications etc), users search, and history search,

What is the process for removing information about an individual?
Information about a given individual or publication can be purged from the system, via the admin tools or if something bespoke is required, contact us.

There is also a community lead activity, to support GDPR activities in an EPrints context, see https://wiki.eprints.org/w/GDPR