The GRI Sustainability Disclosure Database is published by the Global Reporting Initiative, a foundation (Stichting) under the laws of the Netherlands (“GRI”). As a networking organization, GRI requires personal information from stakeholders through processes connected to the Sustainability Disclosure Database and the main GRI website. The respect for privacy is essential for maintaining trust between GRI and the various companies, institutes and individuals in its network. This page explains how GRI intends to use and protect people’s personal data and explains the different processes for adding data to the Sustainability Disclosure Database.
Most information in this database comes from GRI and its past collaboration with Data Partners, in an effort to gain an overview of sustainability reporting around the world.
All individuals with an internet connection, residing anywhere in the world (“users”) can access the GRI Sustainability Disclosure Database without the need for registration. However, organizations that have produced a sustainability report or integrated report that is included in the Database are provided special access to customize pages related to their organization. If your organization is included in the Database but has not received special access information for updating your organization and report profiles, please contact GRI. The access details are solely for this user, who is a representative of the organization, who is authorized by that same organization, to enter data into the database.
GRI acts in conformity with the Dutch Data Protection Act (Wet Bescherming Persoonsgegevens). GRI collects certain personal data via the main GRI website user registration, the report registration procedure and the Sustainability Disclosure Database. As a consequence, GRI is the ‘responsible party’ under the Dutch Data Protection Act. Click here for more information about the main GRI website user registration. The section below explains how data was collected via report registration and the Sustainability Disclosure Database. GRI does not at any time sell or otherwise lend your personal data to third parties other than its Data Partners. Data Partners were ‘processors’ under the Dutch Data Protection Act, and only had limited access to the personal data for the purpose of the day-to-day functioning of the GRI Sustainability Disclosure Database. [Your e-mail address may be used by GRI to send you general information about GRI’s activities and about the GRI Sustainability Disclosure Database.]
Before December 2020, if an organization published a sustainability report or an integrated report and wanted their report included in the Sustainability Disclosure Database, they would have to fill out the Report Registration Form and return it to GRI or one of GRI’s Data Partners. Any kind of sustainability or integrated report could have been included in this database.
GRI and/or its Data Partners would have used the Report Registration form to get in touch with the contact should there be any questions regarding the registration. GRI and its Data Partners would have used the information provided to analyze aggregate trends in reporting. The Report Registration form required contact details, information about the organization (size, listing, type etc.) and information about the report (GRI, non-GRI, integrated report, Application Level etc.). Both organizational and report data included in the form were made publicly available to all users in the Sustainability Disclosure Database. Contact details and other personal data were not made publicly available by GRI via whatsoever source.
The Report Registration form asked for a link to the actual sustainability or integrated report. The contact of the organization is responsible for ensuring that the link provided directs users to the website that hosts the original report. GRI also included the actual PDF of the report in the Sustainability Disclosure Database, if one was available and a functioning PDF link was provided in the Report Registration form. By uploading or giving access to the report, the contact of the organization warrants on behalf of your organization that the organization gives permission to GRI to publish the report on the GRI website, by way of a non-exclusive and royalty-free licence. GRI cannot be held responsible for reporting organizations or any other third parties providing links to locations that are not the organization’s website or links to reports that have been modified.
Note: GRI collected a wide variety of information from GRI reports. For GRI-referenced or non-GRI reports, GRI required and published a smaller variety of information.
Organizations that have published sustainability or integrated reports can add additional data fields on the Sustainability Disclosure Database via the special access provided by GRI. Additional organizational and report data fields include number of employees, revenue, stock listing code, report language, number of pages, reporting cycle, reporting period, AA1000, and external assurance details. Reporting organizations can choose to publish contact details on the Organizational Profile section of the Sustainability Disclosure Database to receive comments and engage with stakeholders. All of these fields are editable by the relevant organization and are not managed by GRI.