On 11/04/18 17:34, Mike Silber wrote:
> In addition, I am not sure I concur with Mr Alston’s insistence that
> “holding data of EU citizens” automatically places AfriNIC into the
> category of data controller in terms of GDPR or imposes any requirements
> on AfriNIC, particularly as the GDPR applies to processing of personal
> data in the context of the activities of an establishment of a
> controller or a processor in the Union.
Keeping GDPR aside for a while; AfriNIC is incorporated in Mauritius and
abides by Mauritian laws. Thus, it should comply with the "data
controller" definition of the Data Protection Act 2017 of Mauritius.
Now, in the context of GDPR, if AfriNIC is providing a service, whether
paid or free, to EU residents, and in doing so it is collecting,
processing and/or storing personal information about EU residents; it
has to comply with GDPR.
Community-Discuss mailing list