PostgreSQL Europe stores and processes data, and therefore we had to revisit our processes when the European General Data Protection Regulation came into effect in May 2018.
Two areas, or services, had to be revisited to make sure that we comply with the regulation.
First, we store membership data for every member of PostgreSQL Europe. After carefully looking at the data, we determined that we only store the data which is required to provide this service to our members and to keep them informed, for example about renewing their membership or about the General Assembly.
The second, and larger, area is the conference system. We have always strived to ask only for the data which is necessary to enable visitors to go to our conferences. However, as part of the compliance effort we decided that we can retire or anonymize certain data from past conferences which is no longer required. In particular we will:
We can’t delete certain other data, for example names and addresses on invoices, and general accounting data. These are necessary to keep our financial records intact.
For scrubbing the conference data we decided on a semi-automatic process. Shortly after a conference ends, a cron job will remind organizers to cleanse the data. The admin interface provides an option for that. Using this option, all data mentioned above is anonymized or deleted, and this process can’t be reversed.