Hello all,
The IT department at the Kimbell has been working on this for about 9 months, and we are about to do some in-depth discovery in our organization to identify the locations of the data, and then remediate any areas of need. As some have already pointed out, if you capture any EU citizen data, then it falls under the umbrella of GDPR. We are also PCI compliant (I manage our entire PCI footprint), so this is not uncharted territory for the museum and staff. Below is the email I sent to get everyone up to date and ready to discuss the requirement and the deadline.

“The deadline for compliance with the General Data Protection Regulation (GDPR) is quickly approaching (May 25th, 2018). Unlike PCI compliance, which is a contractual agreement, GDPR is a comprehensive law that requires US organizations to properly secure any and all information collected from European Union (EU) citizens. Specifically, it dictates how organizations handle personally identifiable information (PII). The purpose is to ensure that they have greater control over their personal information – the right to actively consent to every use of personal data, the right to limit that use, the right to be forgotten, the right to have their data portable, and the right to seek damages should they suffer from misuse and/or breach of their data. And since it includes extraterritoriality, we are legally required to adhere to the regulation.

We need to review our physical and digital systems to determine if we are storing any data belonging to customers living in the European Union. If we are, then we will need to meet GDPR, and be able to show compliance on demand, either through an audit or a request from an EU citizen.”

Hope this helps!

Brian Whaley
Head of IT and AV
Kimbell Art Museum
3333 Camp Bowie Boulevard
Fort Worth, TX 76107-2792
bwha...@kimbellmuseum.org
t. 817.332.8451 ext 357
f. 817.877.1264
www.kimbellart.org

_______________________________________________
You are currently subscribed to mcn-l, the listserv of the Museum Computer Network (http://www.mcn.edu)
To post to this list, send messages to: mcn-l@mcn.edu
To unsubscribe or change mcn-l delivery options visit: http://mcn.edu/mailman/listinfo/mcn-l
The MCN-L archives can be found at: http://www.mail-archive.com/mcn-l@mcn.edu/