> On 11 Apr 2018, at 17:54, Mike Silber <silber.m...@gmail.com> wrote:
> No issue with doing a proper information audit (what there is, where it is 
> stored, how it can be accessed and by whom). That is just good information 
> security practice.
> However I am still not certain that holding any of that information actually 
> makes AfriNIC a controller in terms of the GDPR.

I am pretty sure that AFRINIC is a data controller in terms of the Mauritius 
Data Protection Act, which is aligned with GDPR.

Yes, we are auditing the information we hold and the way we process it, and I 
expect to be able to report on progress at the AIS meeting in early May.

Community-Discuss mailing list

Reply via email to