Data retention policy

The EU General Data Protection Regulation (GDPR) replaces previous data protection directives and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. GDPR enforcement commences 25 May 2018.

 

Under the GDPR, in the context of a Pure installation, Elsevier acts as a Data Processor and the customer as the Data Controller.

Controllers and processors are required to "implement appropriate technical and organisational measures" to comply with the GDPR, taking into account "the state of the art and the costs of implementation" and "the nature, scope, context, and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals."

To ensure that the Pure application is GDPR-compliant, and to help all customers that will be affected by the GDPR, we have audited all relevant parts of Pure. This audit was conducted thoroughly in liaison with Elsevier's GDPR audit team, and required Pure to pass several stage gates in order to be endorsed as GDPR-compliant.

The outcome of the audit is that the Pure application is fully GDPR-compliant from the 5.11.0 release (released February 2018).

 

Personal identifiable information in Pure

Based on the GDPR audit undertaken, we have created a Personal Data Inventory for all properties and data elements in Pure that can capture Personal Identifiable Information (PII). The Personal Data Inventory also lists suggested retention actions and whether a related business rule is in place for each retention action.

We recommend that all customers affected by GDPR familiarize themselves with the Personal Data Inventory. (If the spreadsheet looks off, try downloading the Excel file rather than viewing it in your browser.)

Data retention actions in Pure

There is no retention policy configured by default, so audit entries will not be pruned unless a retention policy is actively configured.

 

As part of the GDPR requirements we have implemented two configurable data retention actions for audit log entries:

  • Retention action for audit entries related to content that has been deleted
  • Retention action for audit entries related to user actions (logins, failed logins etc.)

[Image: Data retention policy enabled]

The configuration can be accessed via the Administrator > Data retention policy tab. 

Hosting - Recommendations for on-premise hosted customers

For customers hosted by Elsevier, the hosting environment will be encrypted and GDPR-compliant before the GDPR comes into force on 25 May 2018.

For on-premise customers we recommend the following to ensure technical GDPR-compliance of your Pure installation:

  • All customer data should be encrypted; this includes the database files and the application server disks that contain Pure logs, index and audit files. We recommend full-disk encryption in order to be future-proof.
  • Access to customer data via the database, the database host or the application server host should use personal credentials and be audit-logged.
  • Configure the data-retention policies in Pure to be in compliance.
  • Ensure that there are no Pure user accounts shared between multiple people or systems.
  • Ensure that there are backup processes in place and that the backups are protected appropriately.
  • Ensure that there are technical measures and processes in place to protect personal data and detect any breach, including notification of the relevant data protection agency within 72 hours of detection.

Elsevier supporter role authentication

We have added a specific authentication mechanism in Pure so Elsevier support personnel are authenticated using their personal credentials and all actions performed on behalf of a customer are logged using the supporter's username instead of the "atira" username.

The "Elsevier AD FS" authentication mechanism authenticates against the Elsevier federated Active Directory, ensuring that only authorized Elsevier support personnel can log in as part of a support flow. In addition, any changes made by Elsevier employees will be audited using personalized credentials instead of the generic support user.

[Image: Elsevier AD FS authentication settings]

The authentication mechanism is activated by default. If the Pure installation does not have internet access, or you deactivate the mechanism, you will need to create the support users manually for Elsevier supporters when necessary.

 

Published at May 05, 2025

Copyright © 2025 Elsevier, except certain content provided by third parties.