[Community-Discuss] AFRINIC and the GDPR
Mike Silber
silber.mike at gmail.com
Wed Apr 11 14:19:17 UTC 2018
I would agree with that completely
The Mauritius DPA is actually aligned with the old EU Data Privacy Directive and not the GDPR.
There are some interesting changes from the DPD to the GDPR. Most are quite minor in language (but could be more significant in application - time will tell).
> On 11 Apr 2018, at 16:00, Alan Barrett <alan.barrett at afrinic.net> wrote:
>
>
>
>> On 11 Apr 2018, at 17:54, Mike Silber <silber.mike at gmail.com> wrote:
>>
>> No issue with doing a proper information audit (what there is, where it is stored, how it can be accessed and by whom). That is just good information security practice.
>>
>> However I am still not certain that holding any of that information actually makes AfriNIC a controller in terms of the GDPR.
>
> I am pretty sure that AFRINIC is a data controller in terms of the Mauritius Data Protection Act, which is aligned with GDPR.
>
> Yes, we are auditing the information we hold and the way we process it, and I expect to be able to report on progress at the AIS meeting in early May.
>
> Alan
> _______________________________________________
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/community-discuss
More information about the Community-Discuss
mailing list