Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Bruce Wyman
Message: 1 >> Date: Wed, 7 Feb 2018 11:33:45 -0800 >> From: Nik Honeysett <nhoneys...@bpoc.org> >> To: "mcn-l@mcn.edu" <mcn-l@mcn.edu> >> Subject: Re: [MCN-L] Preparing for quickly approaching GDPR deadline >> Message-ID: <af36e10c-d903-4ce2-9b03-a1

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Glen Barnes
t; To: "mcn-l@mcn.edu" <mcn-l@mcn.edu> > Subject: Re: [MCN-L] Preparing for quickly approaching GDPR deadline > Message-ID: <af36e10c-d903-4ce2-9b03-a13ecabbb...@bpoc.org> > Content-Type: text/plain; charset=utf-8 > > James - I don?t think that is right otherwis

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Mark Mangoba
Scott, Thanks for starting this discussion, this topic also interests me because the Petersen Museum here in Los Angeles, CA also has a few EU transactions online and on-site. For our case, I am assuming since we are using Shopify for our e-commerce and point of sale, this will be handled by

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Hmm, still very skeptical that “territoriality" applies here: processing is related to the “monitoring” in the EU of the “behavior” of data subjects as their behavior takes place within the EU - from a much more informed interpretation which seems to indicate also that unless we are proactively

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Matt Morgan
It depends how actively you're targeting EU customers. Those of you with lawyers already on the case will do better than I can to figure out the intricacies of this, but:

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Nik- I unfortunately think that is the case. https://securityintelligence.com/news/us-firms-have-less-than-a-year-to-comply-with-the-gdpr/ https://www.informationweek.com/strategic-cio/security-and-risk-strategy/7-steps-to-gdpr-for-us-companies/a/d-id/1329235? Diana- Thank you. I'll reach out

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Diana Pan
Scott, we at MoMA have also been assessing where we stand with GDPR as the fines could be pretty hefty if we have a compliance problem down the road. Your general understanding lines up with what we have found as well. If the transaction involves PII info of an EU citizen, then it is in scope.

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
James - I don’t think that is right otherwise every business in the U.S. would be potentially liable. -nik Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org M (805) 402-3326 P (619) 331-1974 E nhoneys...@bpoc.org

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
James- My understanding is that quantity of transactions does not matter. The main concern is security and customer control of any stored personal information on any system. Best, Scott On 2/7/18, 2:27 PM, "mcn-l on behalf of Heck, James"

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Agree on both accounts. We do sell products, classes, tickets and juried art entries online with EU customers. -S On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett" wrote: Also, GDPR wouldn’t apply if they purchased from

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Heck, James
I am awaiting for more details on this from our internal and outside counsel as we too are reviewing impact as well. However I thought that if a EU citizen buys something even in person while in the US their data was still in scope if you knew it was a EU citizen. But I also believe that if it

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Also, GDPR wouldn’t apply if they purchased from your website while they were in a hotel next door to you. -nik Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org M (805) 402-3326 P (619) 331-1974 E nhoneys...@bpoc.org

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
My understanding is that GDPR is enforced based on the location of the transactee at the time of the transaction, irrespective of where the server is. So, if someone buys something from your website from Blighty, then GDPR is in effect for you and their PII, but if that person physically buys

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Nik- Thanks for chiming in. We have a significant customer-base (ecommerce, online/physical visitors and students) from the EU. Our read is that any transaction between a US organization and a citizen of the EU falls under the GDPR, even the transactions take place on a server here in the US.

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Scott, Do you have a significant percentage of online sales or data capture in the EU? -nik Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org M (805) 402-3326 P (619) 331-1974 E nhoneys...@bpoc.org

[MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre , Scott A
Hi Folks- We are in the early stages of preparing a strategy to comply with the May 28th deadline for complying the EU’s General Data Protection Regulations (https://www.eugdpr.org/ ). Hoping most of you are familiar with these requirements and may have some thoughts