Hey, sorry for the late answer

On 22/7/20 at 13:36, Rich Freeman wrote:
> Another would be to have a non-EU-based entity collect the data and
> avoid owning any infra in the EU, and they would disseminate the data
> further, so that they wouldn't fall under EU jurisdiction. That isn't
> to say that we wouldn't treat personal data with care - just that
> there would be no red tape around it to demonstrate compliance to an
> external regulator.

Keep in mind that GDPR applies as long as you handle data from European citizens, EVEN if you are not an EU-based entity. Of course the EU can't fine you if you don't have any operations there, but they can, for example, freeze any fund transfers going through their borders. So, sadly or not, the GDPR will affect us as long as we have developers and users who are EU citizens or residents.

> I would minimize collection of personal data in any case. You don't
> have to protect info you don't collect, and you can contain what info
> you do have to those entities that require it. Even if the eV has
> somebody's address to pay them for something, we don't need to share
> that with whatever entity is running a mailing list or bugzilla
> server.

Well, that is also a requirement in GDPR :P (Article 25, Data protection by design and by default).