Re: Question to all candidates: GDPR compliance review
>>>>> "Adrian" == Adrian Bunk <bunk@debian.org> writes:
Adrian> If I send an email requesting all data Debian has about me to
Adrian> data-protection@debian.org, will I receive a complete reply within the
Adrian> expected time, including all data members of delegations like the
Adrian> Debian Account Managers and the Community Team might have?
Someone did exactly that while I was DPL. They received a response
within the GPR's allowed time giving them all data Debian held regarding
them that was not covered by an exception to the GDPR. They also
received a list of exceptions to the GDPR that might apply to data that
was not turned over. This was all handled in a manner consistent with
the advice received from a lawyer specializing in GDPR issues that was
ultimately paid for by SPI.
As you might imagine, there are GDPR exceptions that apply to some
classes of data that DAM routinely processes.
I cannot speak to the community team as the community team did not exist
at the time of this request.
--Sam
Reply to: