> On 11 Apr 2018, at 17:54, Mike Silber <silber.m...@gmail.com> wrote: > > No issue with doing a proper information audit (what there is, where it is > stored, how it can be accessed and by whom). That is just good information > security practice. > > However I am still not certain that holding any of that information actually > makes AfriNIC a controller in terms of the GDPR.
I am pretty sure that AFRINIC is a data controller in terms of the Mauritius Data Protection Act, which is aligned with GDPR. Yes, we are auditing the information we hold and the way we process it, and I expect to be able to report on progress at the AIS meeting in early May. Alan _______________________________________________ Community-Discuss mailing list Community-Discuss@afrinic.net https://lists.afrinic.net/mailman/listinfo/community-discuss