Let’s say you’re organizing a meeting where it’s required or desired for people to enter their name and possibly their own email address on an attendance list. As an organizer, you take that list with you after the meeting. For example, to send information to attendees afterwards. Nothing new you would say.
Is this covered by the GDPR?
According to the GDPR, you are now a processor of personal data and as a processor of that data you must meet a number of requirements. For example, if someone so requests, you must delete personal data and be able to prove that you have also done so. Quite cumbersome with something as simple as an attendance list.
Couldn’t make this easier
We are working on a ‘Self-sovereign Attendancy App’. This allows you as a participant to confirm your participation in a meeting without sharing personal data. The organizer can see how many people were present without seeing any personal data. If the participant gives explicit permission, the organizer can see personal data.
More info? Watch the video.