Re: Travel Sponsorship Delays and Next Steps

[Neil McGovern <neil gnome org>]

On Fri, 2018-06-08 at 11:17 +0200, Didier Roche wrote:
> Le 08/06/2018 à 10:06, Tobias Mueller a écrit :
> > Hi,
>
> Hey Tobias,
> > On Fri, 2018-06-08 at 08:07 +0200, Didier Roche wrote:
> > > Neil and the Travel Committee are working hard in changing the
> > > current
> > > process of handling requests to comply to GDPR.
> >
> > I applaud the efforts, but what makes you think you fall under the
> > regulations of the GDPR?
> >
> > I believe to have some intermediary level knowledge of the GDPR and
> > how
> > to assess whether anything is in need of compliance and I'd be
> > interested in learning why you think the Foundation needs to
> > comply.
>
> This was initially raised by the Travel Committee itself.
>
> After a deeper look by Neil who has worked on this topic on other
> areas 
> for the GNOME Foundation, there is an agreement that some process 
> changes were needed to comply. I'll let him expand on this (probably 
> once the work for getting things in shape and unblock the current 
> situation is done).

We're processing personal data of individuals who are located in the
EU, so we need to comply. What we don't need is a named Data Protection
Officer (we have less than 250 employees).

What we were missing was:
* a privacy notice saying what we collect, what we do with it, and what
legal basis we have for collecting it (which is now in place!)
* An easy way to ensure that requests, for the travel committee, can be
deleted when there's no requirement to keep it anymore (we're now using
RT rather than an email list)
* a confidentiality agreement for those who process personal data (now
in place, but not technically a GDPR requirement)

Happy to answer any more questions,
Neil
-- 
Neil McGovern
Executive Director, The GNOME Foundation