2022-11-04 Privacy SIG notes

Date

Attendees

Goals

Discussion items

Time | Item | Who | Notes
5 min | Introductions and what are you hoping to take away from this meeting | |
5 min | Review/adjust agenda | Adam |
10 min | Kevin Day, FOLIO Prokopovych development, asked a question about the PDD form: "I have questions on specific and possible interpretations of the PDD form. Particularly in regards to the way 'store' is being used on the form." | Kevin |
20 min

Start working through the questions/issues Ingolf raised earlier in the fall:

On slide 5: "Where is my data stored?"

According to Julian, there is no right of the individual to obtain these kinds of information.

It suffices to state what personal data are being stored, for what reason and for how long.

"Stored" is likely a wrong translation from the German version of GDPR, and refers to Art. 13 of GDPR (Art. 13 GDPR - Information to be provided where personal data are collected from the data subject - GDPR.eu), and should mean "from where are my personal data being collected?"


However, some other points which I mentioned in the previous email are still valid and should be worked out by this SIG.


Julian also pointed out that some care has to be taken when personal data are being transferred to a third country or an international organization. Reference: point 2 of Article 15 (Art. 15 GDPR - Right of access by the data subject - GDPR.eu).

In this case, "the data subject shall have the right to be informed of the appropriate safeguards ... relating to the transfer."

This will be relevant for hosting providers like EBSCO and IndexData and should be covered also by this SIG (although the German institutions plan to self-host).


Other things apply and should be discussed in this SIG, e.g. Art. 30, g., also Julian mentioned:

Art. 30 GDPR - Records of processing activities - GDPR.eu

"where possible, a general description of the technical and organisational security measures referred to in ..."

This is something where I still say we should collect this information for FOLIO in some kind of glossary.

Ingolf
20 min | Raw PDD data → something happens → GDPR compliance | All | Discussion of our understanding of the GDPR analysis and compliance workflow and what FOLIO and FOLIO Privacy SIG might improve to make it easier

Action items
