MvdV>> We do handle personal data. Not to long ago a Dutch court ruled MvdV>> that an IP number is personal data. We distribute a list that MvdV>> links people to IP numbers. Either directly or via the host MvdV>> names.
MR> Any node running binkd has lots of IP addresses in the log file.
Yes. But those aren't third party data. Those are the IP numbers of nodes that have called my system and those that my system has called. How is that different from the list of numbers collected in my mobile phone?
MR> But this is only a small part of the personal data we collect and MR> process. Who is responsible for the proper documentation required by MR> the GDPR? Each node for his system or the NC/RC/ZC for all nodes in MR> his net/region/zone? Presumably the latter.
I don't know, but I don't think anyone can be responsble for what he/she does not control. I would say the sysop - as master of his system - is responsible for what passes through / is collected by his/her system.
Lots of questions and very few answers. I thinks we will just have to see how his evolves...