GDPR Report 2021

Categories: Association Created by Karen Falkenberg
Photo: FLY:D / Unsplash.com
“Data protection should not be an obstacle, but a challenge and an opportunity.” Wise words from TYPO3 Data Protection Officer, Karen Falkenberg. Here is Karen’s report describing GDPR and other data protection related activities for 2021.

Data protection measures affect 983 TYPO3 Association members, and the 12,894 registered users of typo3.org. Olivier Dobberkau, Alain Veuve and I are particularly involved in the data protection work for the TYPO3 community, and one of our responsibilities is to keep abreast of any changes in the regulations. In 2021, we reviewed the data protection documents twice—checking for any new requirements, records related to processing activities, processors’ contracts and related NDAs. 

Breaches, Inquiries And Requests

In 2021, no data breaches were committed.

Over the past year, we have seen an increase in the number of inquiries related to GDPR. 

In total we handled 16 requests from data subjects. Most of the time, a deletion of the data was desired. We have a standard process for actioning deletion requests.

In 14 of these cases, we were able to clarify the correct identity of the data subject. These accounts were deleted, or marked for deletion, according to the GDPR.

Please be aware that any inquiries for information or requests for deletion have an impact. They generate a non-trivial amount of work for myself and other parties like the TYPO3 Server Team.  

The more information we have from you, the better we can clarify your wishes. If data is required for accounting purposes, for example, we can only mark this data for deletion at a specific time.

We Are On Your Side

Privacy violations can be scary—but that’s no excuse for rudeness.

Privacy is an important issue, and we recognize that you might be angry when you feel like your privacy has been violated. Unfortunately, this year we had to deal with a number of quite aggressive enquiries, with people being rude and demanding. 

We’d like to remind the community that we are working for you—please be kind.

Consultation Hour

We were unable to hold the Security Sprint and Privacy Sprint events in 2021 (that had been postponed in 2020 due to the Coronavirus pandemic). Therefore, we held a “Consultation Hour” once a month. During this time, TYPO3 Association members had the opportunity to talk to me about problems related to data processing within the Association.

Data Protection Training

Also as a result of the pandemic, we were unable to conduct any data protection training in-person. We offer online training courses (for beginner and advanced awareness) but these were not taken up. 

In the Team Leader conferences, I referred to the monthly data protection training sessions so that team leaders could plan with their teams to attend a training session.

The Association Board training is still open—it is acknowledged that everyone on the Board is a volunteer and has a lot to do!  

Check out the training session times and register today.

Training for TYPO3 Teams

Compliance

In the last year, no direct on-site inspection has taken place by the official supervisory authority. We have also received no questionnaire on the use of tracking tools or other analysis tools. Both of these might have led to further action, but there is nothing to report. 

Get In Touch

Do you have any questions about Data protection within the TYPO3 project? Come and visit the Data Protection Corner, or book a time to chat with me by phone or video conference. My office hours are listed on the Data Protection training page.

Additional contributors for this article
  • Copy Editor : Felicity Brand
  • Content Publisher : Mathias Bolt Lesniak