Page MenuHomePhabricator

Ensure GDPR compatibility of Zynatic and our use of it
Open, HighPublic

Description

With the switch to the Zynatic membership system most GDPR issues should be resolved.

See e.g.: https://www.datainspektionen.se/lagar-och-regler/personuppgiftslagen/molntjanster/

We might however need the following:

Event Timeline

On uner-aged members:

Här behöver säkerställas att förälders/vårdnadshavares samtycke kan inhämtas och anges i medlemsregister. Vidare utredning krävs.

A possible solution is the introduction of a checkbox for "parental consent" and a (monthly?) routine for checking that any new member with an age < 16 has this field filled in within e.g. 1 month. Alternatively a text field where a reference to the logged consent can be fileld in.

Lokal_Profil added a comment.EditedFeb 12 2018, 7:53 AM

Draft Personuppgiftsbiträdesavtal received

Lokal_Profil updated the task description. (Show Details)Feb 12 2018, 8:12 AM

Zynatic are adding a mechanism for members to explicitly approve of us storing their personal data (and storing that approval).

It's unclear to me how we should handle new members who don't log in. Do we only need a tickbox for this on the paper forms? And can these somehow be linked to the member in Zynatic?

How do we deal with anyone who renews their membership by just pays in the fee (without logging in).

Lokal_Profil updated the task description. (Show Details)Mar 7 2018, 10:20 AM

I have broken out the constituent parts as subtasks

Lokal_Profil triaged this task as High priority.Apr 5 2018, 10:16 AM
Lokal_Profil renamed this task from Ensure Zynatic GDPR compatibility to Ensure GDPR compatibility of Zynatic and our use of it.May 7 2018, 9:50 AM

It would be great if the remaining subtasked could be solved during 2018. They are mainly about writing down the routines which makes the policies easy to live by as part of our everyday work.