[iaoa-infrastructure] new European regulations on data privacy

Laure Vieu vieu at irit.fr
Fri Feb 2 10:30:49 CET 2018 

Hi Ken,

There is no doubt that we process personal data and that the law concern us.
The fuzzy question is rather to understand what are we obliged to
implement that we haven't yet done.
It seems to me that we should at least add something like "If you wish
to remove your personal data from IAOA records, applying your rights xxx
--ref to the law, please write to yyy".
(you are probably right that we should have done that much earlier)
But I'm not sure this will be enough.

There are two types of data we are collecting:
- info required by Italian law to identify members (name, date and place
of birth, personal address)
- optional data regarding scientific interests

We should investigate what sort of personal data is required by the
Swiss law to adapt the registration form.

Also, I'm wondering what are the interactions between the Italian law
regarding our obligation to maintain records of who was member when
(presumably also after the Italian IAOA is killed), and the right to
cancel personal data.
Regarding this last issue, I can of course look for advice in Italy.

Best,
Laure

Le 01/02/2018 à 18:55, Ken Baclawski a écrit :
> I looked at the regulations, and we do have personal data in our
> database so the regulations apply.  However, it appears that the
> previous regulations also applied.  The new regulations appear to be
> mostly concerned with ensuring that the regulations (and penalties for
> noncomplience) of all of the EU member states are consistent with one
> another than with adding anything new for a small organization like the
> IAOA.  However, it did make me wonder why we are collecting all of this
> personal data.  What is it used for?
> 
> Best regards,
> 
> -- Ken
> 
> 
> 
> On Mon, Jan 29, 2018 at 11:46 AM, Laure Vieu <vieu at irit.fr
> <mailto:vieu at irit.fr>> wrote:
> 
>     Dear all,
> 
>     Valter just learned that on May 25 2018 a new regulation will be
>     enforced in the EU [1].
> 
>     The Italian association will be still alive in May (not just because we
>     won't have time for ending the killing process by then but also because
>     we shall wait till after FOIS for that since a contract will be made in
>     name of IAOA-Italy).
>     So we should make sure (what will remain of) our Italian-IAOA website
>     will be compliant.
> 
>     More importantly perhaps, Valter told me that any organization dealing
>     with EU people should be compliant as well. So despite the fact that the
>     new website will be linked to the Swiss association and be hosted in the
>     US, the new website *has to* be compliant since we do have EU members.
> 
>     Has anyone already examined what these new regulations entail, in
>     concrete terms and can tell us whether or not much change needs to be
>     implemented?
> 
>     Best,
>     Laure
> 
> 
>     [1] https://www.eugdpr.org/
> 
>     _________________________________________________________________________
>     Msg Archives: 
>      https://listserv.ovgu.de/pipermail/iaoa-infrastructure/
>     <https://listserv.ovgu.de/pipermail/iaoa-infrastructure/>
>     Committee Wiki: http://ontolog-02.cim3.net/wiki/IaoaInfrastructure
>     <http://ontolog-02.cim3.net/wiki/IaoaInfrastructure>
>     To join:        please email committee chairs or to: info @ iaoa.org
>     <http://iaoa.org>
>     IAOA website:   http://iaoa.org
> 
> 
> 
> 
> 
> _________________________________________________________________________
> Msg Archives:   https://listserv.ovgu.de/pipermail/iaoa-infrastructure/
> Committee Wiki: http://ontolog-02.cim3.net/wiki/IaoaInfrastructure
> To join:        please email committee chairs or to: info @ iaoa.org
> IAOA website:   http://iaoa.org 
>

More information about the iaoa-infrastructure mailing list