dalo-mdu / site

Dalo frontend development
https://dalo.vercel.app

Self-service "Join DALO" #26

Closed segerhult closed 1 year ago

segerhult commented 1 year ago

Small discussion regarding sign-up for dalo members. Database solution?

Kurbitz commented 1 year ago

We've started to migrate away from Google sheets to NextCloud but we're looking for other solutions. Ideally we'd want to use a tool like eBas perhaps via collective bargaining through MDSU.

I think rolling a custom solution would incur too many challenges especially since we want to become GDPR compliant.

segerhult commented 1 year ago

eBas is good, but essentially it does not make you GDPR compliant from the get-go. Also, creating something like this is easy with a backend tool such as pocketbase and other database solutions to ensure that all rules are followed. The main part is also to automate email sign-up and easy cancel options for the individual, pressing the client to be in charge of their data, not us.

Here is a checklist I did in a project course with a company:

Identify all the personal data you collect, process, store or share, and document it in a GDPR-compliant data inventory. This includes information such as names, email addresses, telephone numbers, and any other information that can be used to identify an individual.

Obtain explicit consent from individuals to collect, process and store their personal data. Also, you must provide them with the option to withdraw their consent at any time.

Implement appropriate technical and measures to protect personal data against unauthorized access, accidental loss, or destruction. This includes encrypting data, using secure passwords, and limiting access to personal data.

Give individuals the right to access their personal data and request its deletion. You must respond to such requests promptly and securely.

Implement procedures to detect, investigate and report any data breaches. You must notify the relevant authorities and individuals affected by the breach within 72 hours of becoming aware of it.

Appoint a Data Protection Officer (DPO) if necessary. The DPO will be responsible for ensuring GDPR compliance and acting as the point of contact for individuals and authorities regarding personal data processing.

Ensure that your organization is aware of the GDPR requirements and receives adequate training to handle personal data in a compliant manner.

Conduct regular audits: Conduct regular audits to ensure ongoing compliance with GDPR regulations.

segerhult commented 1 year ago

I had a talk with fruet ninja if "perhaps via collective bargaining through MDSU." is possible then LGTM! But if not, we need a plan B.

segerhult commented 1 year ago

Can I close this?

han-san commented 1 year ago

We're using hitract to handle memberships now, so this issue is no longer relevant and can be closed.