Hi Mike, On 11/04/18 17:34, Mike Silber wrote: > In addition, I am not sure I concur with Mr Alston’s insistence that > “holding data of EU citizens” automatically places AfriNIC into the > category of data controller in terms of GDPR or imposes any requirements > on AfriNIC, particularly as the GDPR applies to processing of personal > data in the context of the activities of an establishment of a > controller or a processor in the Union.
Keeping GDPR aside for a while; AfriNIC is incorporated in Mauritius and abides by Mauritian laws. Thus, it should comply with the "data controller" definition of the Data Protection Act 2017 of Mauritius. Now, in the context of GDPR, if AfriNIC is providing a service, whether paid or free, to EU residents, and in doing so it is collecting, processing and/or storing personal information about EU residents; it has to comply with GDPR. Regards, Ish Sookun _______________________________________________ Community-Discuss mailing list Community-Discuss@afrinic.net https://lists.afrinic.net/mailman/listinfo/community-discuss