GDPR/Compliance Team Meeting - May 22, 2019
This meeting of the Joomla! Compliance Team was held on May 22, 2019 at 16.30 CET on Glip.
In attendance: Achilleas Papageorgiou, Luca Marzo, Sandra Decoux, Roland Dalmulder.
- The previous week, Luca, Achilleas and Kleanthis participated in an Incident Response Task Force to provide any compliance-related support needed as a result of a security incident that could potentially have led to a personal data breach affecting Joomla Extension Directory (JED) users. Based on the Incident Response Plan that the team had in progress, the fact that a data breach would also affect the personal data of EU citizens, and in respect of Articles 33 and 34 of the GDPR, a number of preventive actions were decided. While the website was offline for further investigation, and the compliance team had been informed of a software vulnerability that had been used to obtain unauthorized access to two servers related to the JED, it was decided to publish a transparent and easy-to-read announcement in order 1) to make the community aware of the situation and 2) to get all the involved parties ready for any additional actions needed. Fortunately, after its investigation the security team reported that no user data had been accessed improperly.
- Lessons learned regarding privacy from the JED security incident were discussed.
- Sander to review the Privacy Guidance for extensions before it is published to the J!Docs.
- Achilleas shared the proposed age consent flow, based on Luca's previous input regarding the age restrictions that the organization already has in place. Roland, Luca, Sandra and Achilleas discussed the final user flow.
- The existing version of the Incident Response Policy and Plan document was shared with the BoD for review and preparation of the final version.
Join the Compliance Team
The Joomla Compliance Team is looking for new volunteers.
The Joomla Compliance Team is an active and dynamic team that is currently involved in several different tasks, including legal compliance, privacy-related reports, development, writing privacy-related articles, document reviews and decision making, privacy consultancy, Cross-CMS collaborative activities and more.
Lawyers, people with legal/compliance background, GDPR/data protection experts and developers are more than welcome to join the team. Please get in touch with Achilleas Papageorgiou firstname.lastname@example.org
The next meeting will take place on June 05, 2019 at 16.30 CET on Glip.
The meeting ended after 90 minutes.