-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
privacy compliance? #1311
Comments
I'm on the Research Ethics Group at Sussex so based on http://www.sussex.ac.uk/ogs/policies/information/dpa/processingdata we are processing (which includes holding) personal data lawfully:
|
Thanks for the interpretation @drjwbaker. @mdlincoln is there any technical reason why we shouldn't try to remove unnecessary data, like email addresses or social media handles for non-team members? |
The only time we collect those data are for team members, so we could certainly remove it for former team members. For former members, the only thing we display is institution, start date, and end date of their membership, so we don't need that extra email/contact info any more. (I'd suggest we probably don't need to display institution on that list since for many it'll almost certainly be out of date.) |
I think we are compliant then. This discussion and the archiving of it as an Issue should serve the purposes of showing that we have done our due diligence. |
I note that since we have started publishing laws have changed on privacy and the internet. In particular in the EU the GDPR regulations require greater care by organizations to keep personal information secure and to delete it upon request. In particular, I'm raising the possibility that our ph_authors.yml file may not be GDPR compliant.
Does anyone have GDPR training that can advise?
The text was updated successfully, but these errors were encountered: