Hi Abibu,

Considering that the board is facing a tabled and accepted motion of no 
confidence in Dakar – which has been accepted to the Agenda – and considering 
the GDPR comes into force on the 25th of May – is it not prudent of the board 
to do investigations and conclude them before the Dakar meeting – coming with 
fixed and concrete and agreed actions to the meeting - so that in the event 
that the motion does indeed pass – the outgoing board would have at the very 
least left AfriNIC in a strong position to deal with the potential issues 
created by the GDPR.

I can also say – I really hope that in sending this – the board will not come 
with an argument that the vote places AfriNIC in a precarious position because 
of the GDPR situation and the fact that meetings with RIPE were only happening 
at the meeting – since such an argument would be predicated on the board 
creating a negative situation for the company in order to potentially save 


From: "Abibu R. Ntahigiye" <ab...@tznic.or.tz>
Date: Wednesday, 11 April 2018 at 14:36
To: Andrew Alston <andrew.als...@liquidtelecom.com>
Cc: "members-disc...@afrinic.net" <members-disc...@afrinic.net>, 
"community-discuss@afrinic.net" <community-discuss@afrinic.net>, AFRINIC Board 
of Directors' List <bo...@afrinic.net>
Subject: Re: [Community-Discuss] AFRINIC and the GDPR

Dear Andrew, Members and the whole Afrinic community,

Andrew has raised a very important issue for Afrinic operations - Thanks so 
much Andrew.

The Board would like to inform you that the issue was discussed within the 
Board at the Afrinic 27 meeting in Lagos and the Management was tasked to work 
on the issue.

The Board has also been made aware that the Mauritius Data Protection Act 2017 
is already in effect and is aligned with the EU GDPR regulations.  The Board 
believes that these regulations are not a barrier to publication of the WHOIS 
data, and it has noted the RIPE NCC study that made such a finding.  The Board 
further believes that the biggest changes required by AFRINIC are in 
documenting how personal data is used, and in informing people at the time data 
is collected.

The AFRINIC management will provide further updates on the issues at AIS 2018 
in Senegal.
Further to the above, the Board expects to receive more insights on GDPR  
related issues at the joint Boards (AfriNIC and RIPE NCC) meeting planned in 

Kind regards

On 11/04/2018 08:42, Andrew Alston wrote:
Hi AfriNIC Board,

Can this board please *urgently* inform this community as to what preparations 
they have made as regards to compliance with the General Data Protection 
Regulations passed by the European Commision and the board will be in a 
position to give this community a full and complete report as to their GDPR 
compliance status and what will be changing before the 25th of May to ensure 
that when the GDPR comes into force AfriNIC is compliant.

Considering that the regulation comes into force on the 25th of May 2018 – and 
AfriNIC is 100% holding data of EU Citizens, which makes them subject to the 
regulations irrespective of the fact that they are domiciled in Mauritius – 
this is an urgent and critical issue.  It has direct impact on the whois 
database, abuse contact information, handling of data submitted during 
application process and potentially even the proposed review policy, just to 
name a few things that I can think of off the top of my head – and cannot be 
ignored.  I would in fact have liked to have seen discussions by the board in 
the minutes that have been published about the GDPR long before now – 
considering the impact – but failing that – the question is now being asked.



Community-Discuss mailing list




Abibu R. Ntahigiye

CEO, tzNIC / Interim Chairman, Afrinic.
Community-Discuss mailing list

Reply via email to