[Mailman-Users] [Mailman-cabal] GDPR

Andrew Hodgson andrew at hodgson.io
Mon May 14 08:33:37 EDT 2018


Thanks for all the discussion around this topic.  I have been in further communication with the people working on GDPR with us.  Background: I run Mailman lists for a couple of charities as a voluntary contribution to the charities. The charities have money at their disposal and we want to reduce exposure both for me personally and the charities involved.

These are just rough notes:

- Archive purge requests. We have discussed the same items as on the list to date.  I am looking at doing a simple grep for the relevant person's details and changing that.  The main reason for doing this is that if we just remove the author's messages they will be in a thread of other messages and our users typically don't remove quoted material.  Current advice from the GDPR people is we may have to delete the whole thread.  Still under discussion; this is also complex because threads and subjects change. If we delete the whole thread there may be messages from the same author in other threads that don't have correct attribution etc.

- Audit logs for data access.  It is not clear who is accessing subscription data for the list as there is just a single owner and moderator account.  Unsure if current logging data in either MM2 or MM3 is "good enough" for this.  MM3 may solve the issue about single accounts.

- Relevant people seem to be happy that running a discussion list not used for marketing purposes should exempt us from some of the marketing type rules regarding data processing.

- People seem happy with the system default logs as long as we can audit access to the logs (which we are able to as there is little access to the boxes themselves).

- Likely that I will have to move the lists to a host the charities control themselves and a separate host for each charity.  This will increase costs so we may need to look at an alternative solution like a hosted list service as I am not setting myself up as a list hosting business.

Again, all this is up for interpretation.  The largest ones for me at the moment are regarding auditing access to the Mailman admin access and the archive purging requests.


