Re: Whois vs GDPR, latest news

2018-05-26 Thread Dan Hollis
On Sat, 26 May 2018, Royce Williams wrote: Naively ... to counter potential panic, it would be awesome to crowdsource some kind of CC-licensed GDPR toolkit for small orgs. Something like a boilerplate privacy policy (perhaps generated by answers to questions), plus some simplified checklists, cou

Re: Whois vs GDPR, latest news

2018-05-26 Thread Royce Williams
On Sat, May 26, 2018 at 4:57 PM Dan Hollis wrote: > I imagine small businesses who do a small percentage of revenue to EU > citizens will simply decide to do zero percentage of revenue to EU > citizens. The risk is simply too great. That would be a shame. I would expect the level of effort to be

Re: Whois vs GDPR, latest news

2018-05-26 Thread Dan Hollis
On Sat, 26 May 2018, Seth Mattinen wrote: On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote: Actually, GDPR specifically requires processors to include statements of compliance right in their contracts; we also strongly recommend that controllers insist on indemnification clauses in their contra

Re: Whois vs GDPR, latest news

2018-05-26 Thread valdis . kletnieks
On Sat, 26 May 2018 10:31:29 +0200, "Michel 'ic' Luczak" said: > "When the regulation does not apply > Your company is service provider based outside the EU. It provides services > to customers outside the EU. Its clients can use its services when they > travel > to other countries, including w

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 3:36 PM, JORDI PALET MARTINEZ via NANOG wrote: Talking from the experience because the previous laws in Spain, LOPD and LSSI Jordi, LOPD/LSSI does not = GDPR But even if there was a probability that GDPR would operate like they do: (1) it is alarming that the fines mentioned on

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
Talking from the experience because the previous laws in Spain, LOPD and LSSI (which basically was the same across the different EU countries). They had "maximum" fines (it was 600.000 Euros). They start for small law infringement with 600 euros, 1.500 euros, unless it is something very severe, the

Re: Whois vs GDPR, latest news

2018-05-26 Thread Florian Weimer
* Mark Andrews: > Domain whois is absolutely useful. Try contacting a site to report > that their nameservers are hosed without it. A lot of WHOIS servers do not show who's running the name servers, or who maintains the data served by them. Those that do usually provide information which is pro

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 2:36 PM, Michel 'ic' Luczak wrote: Original text from EU Commission: "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 26 May 2018, at 20:28, Seth Mattinen wrote: > > > > On 5/26/18 8:15 PM, Michel 'ic' Luczak wrote: >> The two levels depend on the nature of the infringement, but it says clearly >> “up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the >> “less serious” infringement

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/26/18 8:15 PM, Michel 'ic' Luczak wrote: The two levels depend on the nature of the infringement, but it says clearly “up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the “less serious” infringements. So no, there is no minimum fine actually. To me that says the

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 26 May 2018, at 19:37, Rob McEwen wrote: > > The *MINIMUM* fine is 10M euros. > > SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ > The two levels depend on the nature of the infringement, but it says clearly “up to 10

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 12:29 PM, JORDI PALET MARTINEZ via NANOG wrote: I don't recall right now the exact details about how they calculate the fine The *MINIMUM* fine is 10M euros. SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ This is true no matter how small the business, and (potential

Re: Whois vs GDPR, latest news

2018-05-26 Thread Owen DeLong
I’m not sure that’s true. I think that the notice is sufficient to indicate that I have no intention to have EU persons visiting my web site and thus should not be subject to their extraterritorial overreach. Obviously time will tell what happens. Owen > On May 26, 2018, at 09:29 , JORDI PALE

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
I don't recall right now the exact details about how they calculate the fine, which is appropriate for each case, but the 4% of turnover or 20 million Euros is just the maximum amount (per case). I'm sure there is something already documented about that, or maybe is each country DPA the one re

Re: Juniper BGP Convergence Time

2018-05-26 Thread Baldur Norddahl
Add a static default route on both routers. This will be invalidated as soon as the interface goes down. Should be faster than relying on the BGP process withdrawing the route. Also does not require any config changes at your upstreams. Regards Baldur On Wed, 16 May 2018 at 18:52, Adam Kajtar wrote:

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/26/18 1:30 PM, JORDI PALET MARTINEZ via NANOG wrote: I don't think, in general, the DPAs need to use lawsuits. If they discover (on their own, or by means of a customer claim) that a company (never mind if it is from the EU or outside) is not following the GDPR, they will just fine it and the

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
I don't think, in general, the DPAs need to use lawsuits. If they discover (on their own, or by means of a customer claim) that a company (never mind if it is from the EU or outside) is not following the GDPR, they will just fine it and the corresponding government authorities are the responsible to c

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
However, if an EU citizen or resident uses the services of those companies, they are bound to comply with the GDPR. So, if you target your services to people outside the EU, you must have a way to DENY that anyone in the EU registers for your services, or even sends a request via a form in your we

Re: Whois vs GDPR, latest news

2018-05-26 Thread Nick Hilliard
Seth Mattinen wrote on 26/05/2018 08:41: Good luck getting multiple millions worth of fines out of small businesses that never even touch a million a year in revenue, let alone the added expenses of trying to do all the crap GDPR thinks everyone can suddenly afford out of nowhere. You can put

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 23 May 2018, at 19:12, Anne P. Mitchell Esq. wrote: > > > >> On May 23, 2018, at 11:05 AM, K. Scott Helms wrote: >> >> Yep, if you're doing a decent job around securing data then you don't have >> much to be worried about on that side of things. The problem for most >> companies is t

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote: Actually, GDPR specifically requires processors to include statements of compliance right in their contracts; we also strongly recommend that controllers insist on indemnification clauses in their contracts with processors, because if the pro