[iaoa-infrastructure] IAOA & the EU General Data Protection Regulation (GDPR)
Laure Vieu
vieu at irit.fr
Fri May 11 09:58:50 CEST 2018
We have already discussed that and tried to study the implications from
the documents we've found (including Ken's document).
I do not claim to have understood everything, but the minimum I believe
we have to implement is embedded in issue #5.33:
- something to let the member see all personal data gathered
AND modify what can be changed
we already have something like this in the membership utilities
so here, the question is to know whether the "profile" standard system
of WordPress can be used to visualise the database or need to keep
Valter's script
we can also wonder whether "all the data" means showing more than
currently shown, ie, include all the membership history. but we can take
advantage of the change of database to postpone this question somewhat.
- something (a button that sends a message to secretary I guess) to
allow the member to request cancellation of this data.
here, we need to investigate how to solve the tension with the law that
obliges us to keep financial data about past memberships (in Italy, "the
book of members"). but here again we can take advantage of the change of
database to postpone this question somewhat.
then, there is the cookie question (#5.32). I do not know if we use
cookies, but I guess not.
and finally, we need to make sure all links inside our pages are
properly written with https and that all operations inside the
membership area are secure (#5.35).
talk to you later today.
Laure
Le 11/05/2018 à 04:25, Ken Baclawski a écrit :
> I have a GDPR checklist that we can review if you think that would help.
>
> Best regards,
>
> -- Ken
>
> On Thu, May 10, 2018 at 12:38 PM, Frank Loebe
> <frank.loebe at informatik.uni-leipzig.de
> <mailto:frank.loebe at informatik.uni-leipzig.de>> wrote:
>
> Dear all,
>
> I'm not aware of whether the following matter has been addressed in
> the past already, but just as my sports club is having "a lot of
> fun" with the German implementation, I started wondering to what
> extent IAOA (and its website(s), in particular) pays attention to
> and complies with the EU General Data Protection Regulation (GDPR)
> [1,2], which will become effective as of May 25, 2018.
>
> As far as I understand matters (which is not really far), I believe
> we should seek compliance with the GDPR, given that we process
> personal data of EU individuals (a.o.) and are (or, at least, may
> be) subject to the GDPR, independently of IAOA(-CH) being based
> outside of the EU as well as of the location of any IAOA servers
> within the EU or not.
>
> I'd suggest to keep that matter in mind even when setting up the new
> membership database. I'm further afraid that this may require quite
> a bit of detailed knowledge about the GDPR, which at least I myself
> don't have. Does anyone else among us?
>
> NB: Despite of what it might look like due to opening this can of
> worms, I have clearly _NO_ interest at all to delay getting the new
> website ready and officially live.
>
> Best regards,
> Frank
>
>
> [1] https://www.eugdpr.org/
>
> [2] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>
>
> _________________________________________________________________________
> Msg Archives:
> https://listserv.ovgu.de/pipermail/iaoa-infrastructure/
> <https://listserv.ovgu.de/pipermail/iaoa-infrastructure/>
> Committee Wiki: http://ontolog-02.cim3.net/wiki/IaoaInfrastructure
> <http://ontolog-02.cim3.net/wiki/IaoaInfrastructure>
> To join: please email committee chairs or to: info @ iaoa.org
> <http://iaoa.org>
> IAOA website: http://iaoa.org
>
>
>
>
>
> _________________________________________________________________________
> Msg Archives: https://listserv.ovgu.de/pipermail/iaoa-infrastructure/
> Committee Wiki: http://ontolog-02.cim3.net/wiki/IaoaInfrastructure
> To join: please email committee chairs or to: info @ iaoa.org
> IAOA website: http://iaoa.org
>
More information about the iaoa-infrastructure
mailing list