GPDR

classic Classic list List threaded Threaded
28 messages Options
12
Reply | Threaded
Open this post in threaded view
|

GPDR

jody.garnett
As pointed out on discuss, some of our services share information about members of our community, falling in the line of fire for the EU General Data Projection Regulation.

So what personal data collection do we have? 

a) signed contribution agreements for contributors, these documents are provided to us and managed by the secretary. We do need to share these with the project steering committees so they can verify contributors are on the up-and-up.

b) OSGeo user id - as noted on discuss we offer a tool to query the database and see if an email address is in use.

c) Wiki login? Imagine it is similar to the above, not sure if we have a status update about replacing wiki logins yet.

d) email list membership / mailman access? I know Source Forge has put all mailman list management under lock and key, and as a GeoServer admin I can no longer figure out information about email list subscribers ... only a total number.

Anything missing in the above list?
--
Jody Garnett

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Massimiliano Cannata
MailChimp list of past foss4g participants?

Il mer 11 lug 2018, 19:18 Jody Garnett <[hidden email]> ha scritto:
As pointed out on discuss, some of our services share information about members of our community, falling in the line of fire for the EU General Data Projection Regulation.

So what personal data collection do we have? 

a) signed contribution agreements for contributors, these documents are provided to us and managed by the secretary. We do need to share these with the project steering committees so they can verify contributors are on the up-and-up.

b) OSGeo user id - as noted on discuss we offer a tool to query the database and see if an email address is in use.

c) Wiki login? Imagine it is similar to the above, not sure if we have a status update about replacing wiki logins yet.

d) email list membership / mailman access? I know Source Forge has put all mailman list management under lock and key, and as a GeoServer admin I can no longer figure out information about email list subscribers ... only a total number.

Anything missing in the above list?
--
Jody Garnett
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Markus Neteler

Massimiliano Cannata <[hidden email]> schrieb am Do., 12. Juli 2018, 07:07:
MailChimp list of past foss4g participants?

See

Markus


_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

jody.garnett
In reply to this post by Massimiliano Cannata
So what do we do as a volunteer organization, perhaps make a wiki or web page with this list ... and contact details to use if someone wants to be removed for whatever reason.

I do not see a need to make an automated solution, just have a solution.

One thing that is impossible is the version control history ... but in that case we have a legal reason to require their personal details. They (or their organization) must be associated with the work ...
On Wed, Jul 11, 2018 at 10:16 PM Massimiliano Cannata <[hidden email]> wrote:
MailChimp list of past foss4g participants?

Il mer 11 lug 2018, 19:18 Jody Garnett <[hidden email]> ha scritto:
As pointed out on discuss, some of our services share information about members of our community, falling in the line of fire for the EU General Data Projection Regulation.

So what personal data collection do we have? 

a) signed contribution agreements for contributors, these documents are provided to us and managed by the secretary. We do need to share these with the project steering committees so they can verify contributors are on the up-and-up.

b) OSGeo user id - as noted on discuss we offer a tool to query the database and see if an email address is in use.

c) Wiki login? Imagine it is similar to the above, not sure if we have a status update about replacing wiki logins yet.

d) email list membership / mailman access? I know Source Forge has put all mailman list management under lock and key, and as a GeoServer admin I can no longer figure out information about email list subscribers ... only a total number.

Anything missing in the above list?
--
Jody Garnett
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
--
--
Jody Garnett

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

jmckenna
Administrator
In reply to this post by jody.garnett

>
> b) OSGeo user id - as noted on discuss we offer a tool to query the
> database and see if an email address is in use.
>

Correcting the above statement: you can only query for an ID or a name;
an email address is never displayed.  Give it a try at:
https://id.osgeo.org/ldap/search

-jeff



_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

jody.garnett
Perfect thanks Jeff, so it displays whatever common name was filled in.
--
Jody Garnett


On Thu, 12 Jul 2018 at 02:55, Jeff McKenna <[hidden email]> wrote:

>
> b) OSGeo user id - as noted on discuss we offer a tool to query the
> database and see if an email address is in use.
>

Correcting the above statement: you can only query for an ID or a name;
an email address is never displayed.  Give it a try at:
https://id.osgeo.org/ldap/search

-jeff



_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

stevenfeldman
In reply to this post by jody.garnett
Jody

I think the Board needs to take a more proactive approach to GDPR. This is
quite significant legislation and we should ensure that we have taken
"reasonable steps" to audit our personal data holdings and ensure we have
compliant processes.

The UK Information Commissioner's Office has a good intro to GDPR at
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
and a simple checklist tool at
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
(each EU country will have similar info but this is in English)

MailChimp has good tools for getting mail-list approval and providing
unsubscribe options. Do we have an OSGeo account or is usage less formal
across the regions?

I'm sure several of our EU members have already worked through GDPR with
their organisations and could provide advice

Cheers

Steven



--
Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

delawen
Hi,

I am bit offline. Can we meet next week on foss4geu to discuss? I am experiencing the GDPR transition in other associations and in OSGeo we still have several things to do.

Nothing really problematic, just reasking consent and inform about what we do with personal data. Which we should do anyway, we are very clear and simple with data treatment :) 

Even if we have some inspection before we get everything in order, we will still have some friendly timeline to fix things before any penalty comes out. 

Maybe we need a better approach for storing personal data so we make sure it is as safe as possible and very few selected people can access. 


El sáb., 14 jul. 2018 19:16, stevenfeldman <[hidden email]> escribió:
Jody

I think the Board needs to take a more proactive approach to GDPR. This is
quite significant legislation and we should ensure that we have taken
"reasonable steps" to audit our personal data holdings and ensure we have
compliant processes.

The UK Information Commissioner's Office has a good intro to GDPR at
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
and a simple checklist tool at
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
(each EU country will have similar info but this is in English)

MailChimp has good tools for getting mail-list approval and providing
unsubscribe options. Do we have an OSGeo account or is usage less formal
across the regions?

I'm sure several of our EU members have already worked through GDPR with
their organisations and could provide advice

Cheers

Steven



--
Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Ben Caradoc-Davies-2
In reply to this post by jody.garnett
On 12/07/18 05:18, Jody Garnett wrote:
> Anything missing in the above list?

Name and email address in Git commits.

Kind regards,

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Ben Caradoc-Davies-2
On 15/07/18 10:51, Ben Caradoc-Davies wrote:
> On 12/07/18 05:18, Jody Garnett wrote:
>> Anything missing in the above list?
> Name and email address in Git commits.

Of particular concern to Git repository maintainers is:

"Art. 17 GDPR Right to erasure (‘right to be forgotten’)"
https://gdpr-info.eu/art-17-gdpr/

because removal of personal identity information from a commit changes
its hash and requires rewriting the repository, which makes its history
incompatible with its clones.

The exemptions likely to be applicable include:

"3 Paragraphs 1 and 2 shall not apply to the extent that processing is
necessary"

"3(a) for exercising the right of freedom of expression and information;"

and especially:

"3(e) for the establishment, exercise or defence of legal claims."

In my view, recording author and committer identity information is
necessary to establish provenance and the validity of copyright
agreements. It might be useful to take legal advice on whether this
would be a valid basis for rejecting a demand for erasure.

"Art. 16 GDPR Right to rectification" seems to lack these exemptions:
https://gdpr-info.eu/art-16-gdpr/

See also this GitLab issue proposing the use of opaque identifiers in
Git commits:

GDPR Compliance: Maintain Separate Mapping of Commits to Authors in Gitlab
https://gitlab.com/gitlab-org/gitlab-ce/issues/42829

Kind regards,

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

jody.garnett
In reply to this post by stevenfeldman
Advice would be very much appreciated.

My own preference is to be clear that OSGeo is largely self-serve, and if we document steps to sign up for something we also document the steps to un-sign up for something.

I think OSGeo has one mail chimp account used by marketing and geoforall - but it am not sure how heavily it is used?
--
Jody Garnett


On Sat, 14 Jul 2018 at 10:16, stevenfeldman <[hidden email]> wrote:
Jody

I think the Board needs to take a more proactive approach to GDPR. This is
quite significant legislation and we should ensure that we have taken
"reasonable steps" to audit our personal data holdings and ensure we have
compliant processes.

The UK Information Commissioner's Office has a good intro to GDPR at
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
and a simple checklist tool at
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
(each EU country will have similar info but this is in English)

MailChimp has good tools for getting mail-list approval and providing
unsubscribe options. Do we have an OSGeo account or is usage less formal
across the regions?

I'm sure several of our EU members have already worked through GDPR with
their organisations and could provide advice

Cheers

Steven



--
Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

stevenfeldman
Several of us are in Guimaraes for FOSS4G Europe, let’s see if we can come up with some volunteers to pick this up
______
Steven


On 16 Jul 2018, at 07:00, Jody Garnett <[hidden email]> wrote:

Advice would be very much appreciated.

My own preference is to be clear that OSGeo is largely self-serve, and if we document steps to sign up for something we also document the steps to un-sign up for something.

I think OSGeo has one mail chimp account used by marketing and geoforall - but it am not sure how heavily it is used?
--
Jody Garnett


On Sat, 14 Jul 2018 at 10:16, stevenfeldman <[hidden email]> wrote:
Jody

I think the Board needs to take a more proactive approach to GDPR. This is
quite significant legislation and we should ensure that we have taken
"reasonable steps" to audit our personal data holdings and ensure we have
compliant processes.

The UK Information Commissioner's Office has a good intro to GDPR at
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
and a simple checklist tool at
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
(each EU country will have similar info but this is in English)

MailChimp has good tools for getting mail-list approval and providing
unsubscribe options. Do we have an OSGeo account or is usage less formal
across the regions?

I'm sure several of our EU members have already worked through GDPR with
their organisations and could provide advice

Cheers

Steven



--
Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board


_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Ben Caradoc-Davies-2
In reply to this post by jody.garnett
What about email archives? They are not self-service.

Do we have an obligation to purge archived emails or correct names or
email addresses in archives on requests?

Do we have an obligation to report all personal information held by
OSGeo on request? Should OSGeo have a procedure for handling such requests?

Kind regards,
Ben.

On 16/07/18 18:00, Jody Garnett wrote:

> Advice would be very much appreciated.
>
> My own preference is to be clear that OSGeo is largely self-serve, and if
> we document steps to sign up for something we also document the steps to
> un-sign up for something.
>
> I think OSGeo has one mail chimp account used by marketing and geoforall -
> but it am not sure how heavily it is used?
> --
> Jody Garnett
>
>
> On Sat, 14 Jul 2018 at 10:16, stevenfeldman <[hidden email]> wrote:
>
>> Jody
>>
>> I think the Board needs to take a more proactive approach to GDPR. This is
>> quite significant legislation and we should ensure that we have taken
>> "reasonable steps" to audit our personal data holdings and ensure we have
>> compliant processes.
>>
>> The UK Information Commissioner's Office has a good intro to GDPR at
>>
>> https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
>> and a simple checklist tool at
>>
>> https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
>> (each EU country will have similar info but this is in English)
>>
>> MailChimp has good tools for getting mail-list approval and providing
>> unsubscribe options. Do we have an OSGeo account or is usage less formal
>> across the regions?
>>
>> I'm sure several of our EU members have already worked through GDPR with
>> their organisations and could provide advice
>>
>> Cheers
>>
>> Steven
>>
>>
>>
>> --
>> Sent from: http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
>> _______________________________________________
>> Board mailing list
>> [hidden email]
>> https://lists.osgeo.org/mailman/listinfo/board
>
>
>
> _______________________________________________
> Board mailing list
> [hidden email]
> https://lists.osgeo.org/mailman/listinfo/board
>

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Cameron Shorter
Ben,

I'm not sure about the legalities of GPDR, but I think that purging
email archives is undesirable, impractical, and shouldn't be required.

OSGeo has always been clear that our email lists are public and can be
archived (either publicly or privately). By posting to the list, people
should have been aware that they are putting their details onto the
public record.


On 16/7/18 7:39 pm, Ben Caradoc-Davies wrote:

> What about email archives? They are not self-service.
>
> Do we have an obligation to purge archived emails or correct names or
> email addresses in archives on requests?
>
> Do we have an obligation to report all personal information held by
> OSGeo on request? Should OSGeo have a procedure for handling such
> requests?
>
> Kind regards,
> Ben.
>
> On 16/07/18 18:00, Jody Garnett wrote:
>> Advice would be very much appreciated.
>>
>> My own preference is to be clear that OSGeo is largely self-serve,
>> and if
>> we document steps to sign up for something we also document the steps to
>> un-sign up for something.
>>
>> I think OSGeo has one mail chimp account used by marketing and
>> geoforall -
>> but it am not sure how heavily it is used?
>> --
>> Jody Garnett
>>
>>
>> On Sat, 14 Jul 2018 at 10:16, stevenfeldman <[hidden email]> wrote:
>>
>>> Jody
>>>
>>> I think the Board needs to take a more proactive approach to GDPR.
>>> This is
>>> quite significant legislation and we should ensure that we have taken
>>> "reasonable steps" to audit our personal data holdings and ensure we
>>> have
>>> compliant processes.
>>>
>>> The UK Information Commissioner's Office has a good intro to GDPR at
>>>
>>> https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ 
>>>
>>> and a simple checklist tool at
>>>
>>> https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/ 
>>>
>>> (each EU country will have similar info but this is in English)
>>>
>>> MailChimp has good tools for getting mail-list approval and providing
>>> unsubscribe options. Do we have an OSGeo account or is usage less
>>> formal
>>> across the regions?
>>>
>>> I'm sure several of our EU members have already worked through GDPR
>>> with
>>> their organisations and could provide advice
>>>
>>> Cheers
>>>
>>> Steven
>>>
>>>
>>>
>>> --
>>> Sent from:
>>> http://osgeo-org.1560.x6.nabble.com/OSGeo-Board-f3713809.html
>>> _______________________________________________
>>> Board mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/board
>>
>>
>>
>> _______________________________________________
>> Board mailing list
>> [hidden email]
>> https://lists.osgeo.org/mailman/listinfo/board
>>
>

--
Cameron Shorter
Technology Demystifier
Open Technologies and Geospatial Consultant

M +61 (0) 419 142 254

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Ben Caradoc-Davies-2
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Darrell Fuhriman
I'm afraid I have to agree with Ben here. 

GDPR is a huge pain the a**, but it is the law.

On Mon, Jul 16, 2018 at 1:04 PM Ben Caradoc-Davies <[hidden email]> wrote:
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

jody.garnett
In reply to this post by Ben Caradoc-Davies-2
That is a bit tricky as we are also required to keep a legal record of contributions and contributors to confirm the applicability of our open source licenses.

Still this is the kind of ting we can go get legal council on, we do not really want to use this list as armchair lawyers. We can use it to think about what places we record personal details in our organization.
--
Jody Garnett


On Mon, 16 Jul 2018 at 13:04, Ben Caradoc-Davies <[hidden email]> wrote:
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

blammo
In reply to this post by Darrell Fuhriman
Anyone have a cheat sheet on the GDPR as well as a summary of what OSGeo personal information that is actually being stored?

Email, country of origin/organization and ???, are there other items being collected (about me) that I don’t know about?

. . . .


bobb



On Jul 16, 2018, at 3:36 PM, Darrell fuhriman <[hidden email]> wrote:

I'm afraid I have to agree with Ben here. 

GDPR is a huge pain the a**, but it is the law.

On Mon, Jul 16, 2018 at 1:04 PM Ben Caradoc-Davies <[hidden email]> wrote:
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board



Those who believe in telekinetics, raise my hand.
—Kurt Vonnegut


_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

blammo
Just some of my own observations :

Article 6, Para.  1, items a, b, c, d, and e seem to apply directly to the OSGeo mission and intent.

Item a.  - The data subject has given consent by participating in the OSGeo discussion by signing up for a list (on his own I might add, have we already been in compliance?)

Item b.  -  Originator of intelectual property (code) cand be thought of as entering into a contract based on the incubation process and code contribution methods.

Item c.  -  Similar to items, in that it maintains the standards of coding in the open and that the coding is free of any incumbresses, IE. open licensing

Item d.  -  Copyright of contributor maintenance.

Item e.  -  We’re all about public interest, right?  :c)


I’m coming to these observations based on this link:


Hope it’s the correct one.

bobb



On Jul 16, 2018, at 4:19 PM, Basques, Bob (CI-StPaul) <[hidden email]> wrote:

Anyone have a cheat sheet on the GDPR as well as a summary of what OSGeo personal information that is actually being stored?

Email, country of origin/organization and ???, are there other items being collected (about me) that I don’t know about?

. . . .


bobb



On Jul 16, 2018, at 3:36 PM, Darrell fuhriman <[hidden email]> wrote:

I'm afraid I have to agree with Ben here. 

GDPR is a huge pain the a**, but it is the law.

On Mon, Jul 16, 2018 at 1:04 PM Ben Caradoc-Davies <[hidden email]> wrote:
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board



Those who believe in telekinetics, raise my hand.
—Kurt Vonnegut

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board



"Glory is fleeting, but obscurity is forever." 
- Napoleon Bonaparte




_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
Reply | Threaded
Open this post in threaded view
|

Re: GPDR

Darrell Fuhriman
In reply to this post by jody.garnett
There are exemptions for those sorts of legal requirements, for sure. (As in, GDPR doesn't trump other legal obligations.)

But yes, a bit of legal council is probably wise.

And, I can speak from experience, to Bob's question: identifying all the places where we keep personal information is very likely to be part of what's required to get compliant.


On Mon, Jul 16, 2018 at 2:20 PM Jody Garnett <[hidden email]> wrote:
That is a bit tricky as we are also required to keep a legal record of contributions and contributors to confirm the applicability of our open source licenses.

Still this is the kind of ting we can go get legal council on, we do not really want to use this list as armchair lawyers. We can use it to think about what places we record personal details in our organization.
--
Jody Garnett


On Mon, 16 Jul 2018 at 13:04, Ben Caradoc-Davies <[hidden email]> wrote:
But that does not address their right (under the GDPR) to
retrospectively withdraw their consent, their right to retrospectively
correct their personal details, or their right to be forgotten. It does
not matter whether we agree with the GDPR, only whether we are compliant
with it.

On 16/07/18 23:41, Cameron Shorter wrote:
> OSGeo has always been clear that our email lists are public and can be
> archived (either publicly or privately). By posting to the list, people
> should have been aware that they are putting their details onto the
> public record.

--
Ben Caradoc-Davies <[hidden email]>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board

_______________________________________________
Board mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/board
12