On Fri, 2018-06-08 at 11:17 +0200, Didier Roche wrote: > Le 08/06/2018 à 10:06, Tobias Mueller a écrit : > > Hi, > > Hey Tobias, > > > > On Fri, 2018-06-08 at 08:07 +0200, Didier Roche wrote: > > > Neil and the Travel Committee are working hard in changing the > > > current > > > process of handling requests to comply to GDPR. > > > > I applaud the efforts, but what makes you think you fall under the > > regulations of the GDPR? > > > > I believe to have some intermediary level knowledge of the GDPR and > > how > > to assess whether anything is in need of compliance and I'd be > > interested in learning why you think the Foundation needs to > > comply. > > This was initially raised by the Travel Committee itself. > > After a deeper look by Neil who has worked on this topic on other > areas > for the GNOME Foundation, there is an agreement that some process > changes were needed to comply. I'll let him expand on this (probably > once the work for getting things in shape and unblock the current > situation is done). >
We're processing personal data of individuals who are located in the EU, so we need to comply. What we don't need is a named Data Protection Officer (we have less than 250 employees). What we were missing was: * a privacy notice saying what we collect, what we do with it, and what legal basis we have for collecting it (which is now in place!) * An easy way to ensure that requests, for the travel committee, can be deleted when there's no requirement to keep it anymore (we're now using RT rather than an email list) * a confidentiality agreement for those who process personal data (now in place, but not technically a GDPR requirement) Happy to answer any more questions, Neil -- Neil McGovern Executive Director, The GNOME Foundation _______________________________________________ foundation-list mailing list foundation-list@gnome.org https://mail.gnome.org/mailman/listinfo/foundation-list
