Re: Travel Sponsorship Delays and Next Steps

On Fri, 2018-06-08 at 11:17 +0200, Didier Roche wrote:
Le 08/06/2018 à 10:06, Tobias Mueller a écrit :

Hey Tobias,

On Fri, 2018-06-08 at 08:07 +0200, Didier Roche wrote:
Neil and the Travel Committee are working hard in changing the
process of handling requests to comply to GDPR.

I applaud the efforts, but what makes you think you fall under the
regulations of the GDPR?

I believe to have some intermediary level knowledge of the GDPR and
to assess whether anything is in need of compliance and I'd be
interested in learning why you think the Foundation needs to

This was initially raised by the Travel Committee itself.

After a deeper look by Neil who has worked on this topic on other
for the GNOME Foundation, there is an agreement that some process 
changes were needed to comply. I'll let him expand on this (probably 
once the work for getting things in shape and unblock the current 
situation is done).

We're processing personal data of individuals who are located in the
EU, so we need to comply. What we don't need is a named Data Protection
Officer (we have less than 250 employees).

What we were missing was:
* a privacy notice saying what we collect, what we do with it, and what
legal basis we have for collecting it (which is now in place!)
* An easy way to ensure that requests, for the travel committee, can be
deleted when there's no requirement to keep it anymore (we're now using
RT rather than an email list)
* a confidentiality agreement for those who process personal data (now
in place, but not technically a GDPR requirement)

Happy to answer any more questions,
Neil McGovern
Executive Director, The GNOME Foundation

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]