Re: Question to all candidates: GDPR compliance review

[Adrian Bunk <bunk@debian.org>]

On Fri, Apr 01, 2022 at 07:40:02PM +0200, Tollef Fog Heen wrote:
>...
> This isn't the role of the data protection team, though, any more than
> owner@bugs is responsible for fixing all the bugs in all the packages.
> I'm quite happy to act as a redirector (as per the first part of the
> delegation) as well as advising service owners.  I have below-zero
> interest in auditing all our services and tracking everything relevant
> to data privacy throughout Debian.
>...

Who will fulfill the request within the legal limit of one month if
a person sends an email to data-protection@debian.org asking whether
Debian is a (joint) controller of any data about this person, and
if yes requests a copy of all data?

If there is no reply within one month, the person can request an order 
from the local supervisory authority (e.g. [1] is the online form for
such requests in my country of residence).

> Cheers,

cu
Adrian

[1] https://tietosuoja.fi/en/find-out-whether-the-data-protection-ombudsman-can-help-you-rights