Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Bruce Wyman
Glen — 

From what I’ve been reading lately, I think Nik’s observation about location is 
the critical piece. Here’s what I’m understanding at the moment:

1. Is the transaction happening with someone physically located in the EU? 
If no, you’re all done. GDPR does not apply.
If yes, proceed to step 2.

(Article 3 of the GDPR is the relevant bit here)

2. Are you collecting uniquely identifiable data (ie, name, address, phone 
number, DOB, picture, etc) or behavioral data of someone in the EU? 
If no, you’re all done, GDPR no longer applies.
If yes, proceed to step 3.

3. Is the material (marketing or products) targeted or localized to a member of 
the EU? (I admit that the *product* part seems iffy to me)
If no, you’re all done, GDPR no longer applies.
If yes, you need to be in compliance with GDPR

In particular, if a German user comes across your English-only website with 
marketing or content geared to US consumers (or B2B), then that German user 
doesn’t have GDPR protections, they weren’t part of the target audience. I do 
think this is a bit of a grey zone and when in doubt, it’s probably better to 
be opting for GDPR compliance.

-bw.


> On Feb 7, 2018, at 6:32 PM, Glen Barnes <g...@mytoursapp.com> wrote:
> 
> "The GDPR not only applies to organisations located within the EU but it
> will also apply to organisations located outside of the EU if they offer
> goods or services to, or monitor the behaviour of, EU data subjects. It
> applies to all companies processing and holding the personal data of data
> subjects residing in the European Union, regardless of the company’s
> location.”
> 
> If you collect data on an EU resident it counts. We have had to abide by
> rules the US has pushed on the rest of the world in relation to money
> laundering, travel and other areas for years. Our bank is making small
> businesses in NZ who have no business outside of the local community fill
> out forms declaring US based income, etc. (See FACTA:
> https://www.stuff.co.nz/business/79049481/thousands-of-bank-customers-called-on-to-reveal-us-connections)
> 
> The US is about to get a taste of its own medicine ;-) So yeah, welcome to
> the club!
> 
> Cheers
> Glen Barnes
> CEO/Founder
> Authentic - Home of My Tours, Curtis, STQRY and 7scenes
> p: +64 (21) 0429 471
> e: g...@getauthentic.io
> w: www.getauthentic.io
> 
>> 
>> 
>> Message: 1
>> Date: Wed, 7 Feb 2018 11:33:45 -0800
>> From: Nik Honeysett <nhoneys...@bpoc.org>
>> To: "mcn-l@mcn.edu" <mcn-l@mcn.edu>
>> Subject: Re: [MCN-L] Preparing for quickly approaching GDPR deadline
>> Message-ID: <af36e10c-d903-4ce2-9b03-a13ecabbb...@bpoc.org>
>> Content-Type: text/plain;   charset=utf-8
>> 
>> James - I don’t think that is right otherwise every business in the U.S.
>> would be potentially liable.
>> -nik
>> 
>> 
>> 
>> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>> 
>> 
>> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org
>> 1549 El Prado, Suite 8, San Diego, CA 92101
>> 
>> A non-profit technology collaboration connecting audiences to art, culture
>> & science.
>> 
>> 
>> 



Bruce Wyman  |  Principal
bwy...@usd-mach.com  |  720.208.6586

USD Design | MACH Consulting  |  www.usd-mach.com 
Strategy • Design • Concept • Implementation

___
You are currently subscribed to mcn-l, the listserv of the Museum Computer 
Network (http://www.mcn.edu)

To post to this list, send messages to: mcn-l@mcn.edu

To unsubscribe or change mcn-l delivery options visit:
http://mcn.edu/mailman/listinfo/mcn-l

The MCN-L archives can be found at:
http://www.mail-archive.com/mcn-l@mcn.edu/


Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Glen Barnes
"The GDPR not only applies to organisations located within the EU but it
will also apply to organisations located outside of the EU if they offer
goods or services to, or monitor the behaviour of, EU data subjects. It
applies to all companies processing and holding the personal data of data
subjects residing in the European Union, regardless of the company’s
location.”

If you collect data on an EU resident it counts. We have had to abide by
rules the US has pushed on the rest of the world in relation to money
laundering, travel and other areas for years. Our bank is making small
businesses in NZ who have no business outside of the local community fill
out forms declaring US based income, etc. (See FACTA:
https://www.stuff.co.nz/business/79049481/thousands-of-bank-customers-called-on-to-reveal-us-connections
)

The US is about to get a taste of its own medicine ;-) So yeah, welcome to
the club!

Cheers
Glen Barnes
CEO/Founder
Authentic - Home of My Tours, Curtis, STQRY and 7scenes
p: +64 (21) 0429 471
e: g...@getauthentic.io
w: www.getauthentic.io

>
>
> Message: 1
> Date: Wed, 7 Feb 2018 11:33:45 -0800
> From: Nik Honeysett <nhoneys...@bpoc.org>
> To: "mcn-l@mcn.edu" <mcn-l@mcn.edu>
> Subject: Re: [MCN-L] Preparing for quickly approaching GDPR deadline
> Message-ID: <af36e10c-d903-4ce2-9b03-a13ecabbb...@bpoc.org>
> Content-Type: text/plain;   charset=utf-8
>
> James - I don’t think that is right otherwise every business in the U.S.
> would be potentially liable.
> -nik
>
> 
>
> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>
>
> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org
> 1549 El Prado, Suite 8, San Diego, CA 92101
>
> A non-profit technology collaboration connecting audiences to art, culture
> & science.
>
> 
>
>
>


Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Mark Mangoba
Scott,

Thanks for starting this discussion, this topic also interests me because
the Petersen Museum here in Los Angeles, CA also has a few EU transactions
online and on-site.

For our case, I am assuming since we are using Shopify for our e-commerce
and point of sale, this will be handled by Shopify (
https://help.shopify.com/manual/your-account/GDPR) but assuming the API
integrations with our CRM (Shopify <—> CRM) and other reporting process
will have to be double checked.

Also the rules do seem a little murky, although we do not have an EU base,
we do however accept EU transactions, which sounds like GDPR would apply to
us.

Best regards,
Mark

*Mark Mangoba | Technology Consultant | Petersen Automotive Museum* |
Technology & Innovation | mmang...@petersen.org | Technology Help Desk:
t...@petersen.org | Supervisor:  arosa...@petersen.org (Director) |
petersen.org | https://github.com/markmangoba

On Wed, Feb 7, 2018 at 12:38 PM, Nik Honeysett  wrote:
> Hmm, still very skeptical that “territoriality” applies here: processing
> is related to the “monitoring” in the EU of the “behavior” of data subjects
> as their behavior takes place within the EU - from a much more informed
> interpretation which seems to indicate also that unless we are proactively
> selling to an EU country, we’re not under GDPR:
>
> https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/
>
> Interested to understand how various legal counsels interpret this
> though.
> -nik
>
> 
>
> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>
>
> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
> 1549 El Prado, Suite 8, San Diego, CA 92101
>
> A non-profit technology collaboration connecting audiences to art,
culture & science.
>
> 
>
>
>
>
>> On Feb 7, 2018, at 11:40 AM, Sayre, Scott A  wrote:
>>
>> Nik-
>> I unfortunately think that is the case.
>>
>> https://securityintelligence.com/news/us-firms-have-less-than-a-year-to-comply-with-the-gdpr/
>> https://www.informationweek.com/strategic-cio/security-and-risk-strategy/7-steps-to-gdpr-for-us-companies/a/d-id/1329235?
>>
>> Diana-
>> Thank you.  I'll reach out after we have a couple more meetings here.
Lets share what we discover as we go along.
>>
>> Best,
>> Scott
>>
>> On 2/7/18, 2:34 PM, "mcn-l on behalf of Nik Honeysett" <
mcn-l-boun...@mcn.edu  on behalf of
nhoneys...@bpoc.org > wrote:
>>
>>James - I don’t think that is right otherwise every business in the
U.S. would be potentially liable.
>>-nik
>>
>>
>>
>>Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org <
http://www.bpoc.org/>
>>
>>
>>M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org  >
>>1549 El Prado, Suite 8, San Diego, CA 92101
>>
>>A non-profit technology collaboration connecting audiences to art,
culture & science.
>>
>>
>>
>>
>>
>>
>>> On Feb 7, 2018, at 11:31 AM, Sayre, Scott A  wrote:
>>>
>>> Agree on both accounts.  We do sell  products, classes, tickets and
juried art entries online with EU customers.
>>> -S
>>>
>>> On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett" <
mcn-l-boun...@mcn.edu on behalf of nhoneys...@bpoc.org> wrote:
>>>
>>>   Also, GDPR wouldn’t apply if they purchased from your website while
they were in a hotel next door to you.
>>>   -nik
>>>
>>>   
>>>
>>>   Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>>>
>>>
>>>   M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>>>   1549 El Prado, Suite 8, San Diego, CA 92101
>>>
>>>   A non-profit technology collaboration connecting audiences to art,
culture & science.
>>>
>>>   
>>>
>>>
>>>
>>>
>>>
>>>
>>>
 On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:

 My understanding is that GDPR is enforced based on the location of the
transactee at the time of the transaction, irrespective of where the server
is. So, if someone buys something from your website from Blighty, then GDPR
is in effect for you and their PII, but if that person physically buys from
your store, then GDPR does not apply.
 -nik

 

 Nik Honeysett | 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Hmm, still very skeptical that “territoriality” applies here: processing is 
related to the “monitoring” in the EU of the “behavior” of data subjects as 
their behavior takes place within the EU - from a much more informed 
interpretation which seems to indicate also that unless we are proactively 
selling to an EU country, we’re not under GDPR: 

https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/
 

Interested to understand how various legal counsels interpret this though.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture & 
science.






> On Feb 7, 2018, at 11:40 AM, Sayre, Scott A  wrote:
> 
> Nik-
> I unfortunately think that is the case.  
> https://securityintelligence.com/news/us-firms-have-less-than-a-year-to-comply-with-the-gdpr/
>  
> 
> https://www.informationweek.com/strategic-cio/security-and-risk-strategy/7-steps-to-gdpr-for-us-companies/a/d-id/1329235?
>  
> 
> 
> Diana-
> Thank you.  I'll reach out after we have a couple more meetings here.  Lets 
> share what we discover as we go along.
> 
> Best,
> Scott
> 
> On 2/7/18, 2:34 PM, "mcn-l on behalf of Nik Honeysett" 
>  on behalf of 
> nhoneys...@bpoc.org > wrote:
> 
>James - I don’t think that is right otherwise every business in the U.S. 
> would be potentially liable.
>-nik
> 
>
> 
>Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 
> 
> 
> 
>M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>   >
>1549 El Prado, Suite 8, San Diego, CA 92101
> 
>A non-profit technology collaboration connecting audiences to art, culture 
> & science.
> 
>
> 
> 
> 
> 
>> On Feb 7, 2018, at 11:31 AM, Sayre, Scott A  wrote:
>> 
>> Agree on both accounts.  We do sell  products, classes, tickets and juried 
>> art entries online with EU customers.  
>> -S
>> 
>> On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett" 
>>  wrote:
>> 
>>   Also, GDPR wouldn’t apply if they purchased from your website while they 
>> were in a hotel next door to you.
>>   -nik
>> 
>>   
>> 
>>   Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>> 
>> 
>>   M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>> 
>>   1549 El Prado, Suite 8, San Diego, CA 92101
>> 
>>   A non-profit technology collaboration connecting audiences to art, culture 
>> & science.
>> 
>>   
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:
>>> 
>>> My understanding is that GDPR is enforced based on the location of the 
>>> transactee at the time of the transaction, irrespective of where the server 
>>> is. So, if someone buys something from your website from Blighty, then GDPR 
>>> is in effect for you and their PII, but if that person physically buys from 
>>> your store, then GDPR does not apply.
>>> -nik
>>> 
>>> 
>>> 
>>> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 
>>> 
>>> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>>> 
>>> 1549 El Prado, Suite 8, San Diego, CA 92101
>>> 
>>> A non-profit technology collaboration connecting audiences to art, culture 
>>> & science.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
 On Feb 7, 2018, at 11:15 AM, Sayre, Scott A > wrote:
 
 Nik-
 Thanks for chiming in. We have a significant customer-base (ecommerce, 
 online/physical visitors and students) from the EU.  Our read is that any 
 transaction between a US organization and a citizen of the EU falls under 
 the GDPR, even the transactions take place on a server here in the US.
 -Scott
 
 On 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Matt Morgan
It depends how actively you're targeting EU customers. Those of you with 
lawyers already on the case will do better than I can to figure out the 
intricacies of this, but:

https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

E.g. if you don't have a physical presence in the EU, 


... a controller or processor not established in the EU will be subject to the 
GDPR "where the processing activities are related to offering goods or services 
to data subjects in the Union," even when the goods and services are offered 
for free.[10] Determining whether an entity "envisages" offering goods or 
services in at least one EU Member State, thereby triggering the GDPR’s 
requirements, depends on "factors such as the use of a language or a currency 
generally used in one or more Member States with the possibility of ordering 
goods and services in that other language, or the mentioning of customers or 
users who are in the Union."


I.e. if you're just sending EU people the same stuff you send to Americans, it 
does not apply. Of course, protecting visitor privacy is potentially an 
opportunity to distinguish your org, so this isn't the only reason to do it.

Thanks,
Matt

-- 
  Matt Morgan
  m...@concretecomputing.com

On Wed, Feb 7, 2018, at 2:40 PM, Sayre, Scott A wrote:
> Nik-
> I unfortunately think that is the case.  
> https://securityintelligence.com/news/us-firms-have-less-than-a-year-to-comply-with-the-gdpr/
> https://www.informationweek.com/strategic-cio/security-and-risk-strategy/7-steps-to-gdpr-for-us-companies/a/d-id/1329235?
> 
> Diana-
> Thank you.  I'll reach out after we have a couple more meetings here.  
> Lets share what we discover as we go along.
> 
> Best,
> Scott
> 
> On 2/7/18, 2:34 PM, "mcn-l on behalf of Nik Honeysett"  boun...@mcn.edu on behalf of nhoneys...@bpoc.org> wrote:
> 
> James - I don’t think that is right otherwise every business in the 
> U.S. would be potentially liable.
> -nik
> 
> 
> 
> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
> 
> 
> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
> 
> 1549 El Prado, Suite 8, San Diego, CA 92101
> 
> A non-profit technology collaboration connecting audiences to art, 
> culture & science.
> 
> 
> 
> 
> 
> 
> > On Feb 7, 2018, at 11:31 AM, Sayre, Scott A  
> wrote:
> > 
> > Agree on both accounts.  We do sell  products, classes, tickets 
> and juried art entries online with EU customers.  
> > -S
> > 
> > On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett"  boun...@mcn.edu on behalf of nhoneys...@bpoc.org> wrote:
> > 
> >Also, GDPR wouldn’t apply if they purchased from your website 
> while they were in a hotel next door to you.
> >-nik
> > 
> >
> > 
> >Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
> > 
> > 
> >M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
> 
> >1549 El Prado, Suite 8, San Diego, CA 92101
> > 
> >A non-profit technology collaboration connecting audiences to 
> art, culture & science.
> > 
> >
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >> On Feb 7, 2018, at 11:20 AM, Nik Honeysett  
> wrote:
> >> 
> >> My understanding is that GDPR is enforced based on the location 
> of the transactee at the time of the transaction, irrespective of where 
> the server is. So, if someone buys something from your website from 
> Blighty, then GDPR is in effect for you and their PII, but if that 
> person physically buys from your store, then GDPR does not apply.
> >> -nik
> >> 
> >> 
> >> 
> >> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 
> 
> >> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
> 
> >> 1549 El Prado, Suite 8, San Diego, CA 92101
> >> 
> >> A non-profit technology collaboration connecting audiences to 
> art, culture & science.
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >>> On Feb 7, 2018, at 11:15 AM, Sayre, Scott A  > wrote:
> >>> 
> >>> Nik-
> >>> Thanks for chiming in. We have a significant customer-base 
> (ecommerce, online/physical visitors and students) from 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Nik-
I unfortunately think that is the case.  
https://securityintelligence.com/news/us-firms-have-less-than-a-year-to-comply-with-the-gdpr/
https://www.informationweek.com/strategic-cio/security-and-risk-strategy/7-steps-to-gdpr-for-us-companies/a/d-id/1329235?

Diana-
Thank you.  I'll reach out after we have a couple more meetings here.  Let's 
share what we discover as we go along.

Best,
Scott

On 2/7/18, 2:34 PM, "mcn-l on behalf of Nik Honeysett"  wrote:

James - I don’t think that is right otherwise every business in the U.S. 
would be potentially liable.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture 
& science.






> On Feb 7, 2018, at 11:31 AM, Sayre, Scott A  wrote:
> 
> Agree on both accounts.  We do sell  products, classes, tickets and 
juried art entries online with EU customers.  
> -S
> 
> On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett" 
 wrote:
> 
>Also, GDPR wouldn’t apply if they purchased from your website while 
they were in a hotel next door to you.
>-nik
> 
>
> 
>Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
> 
> 
>M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

>1549 El Prado, Suite 8, San Diego, CA 92101
> 
>A non-profit technology collaboration connecting audiences to art, 
culture & science.
> 
>
> 
> 
> 
> 
> 
> 
> 
>> On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:
>> 
>> My understanding is that GDPR is enforced based on the location of the 
transactee at the time of the transaction, irrespective of where the server is. 
So, if someone buys something from your website from Blighty, then GDPR is in 
effect for you and their PII, but if that person physically buys from your 
store, then GDPR does not apply.
>> -nik
>> 
>> 
>> 
>> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 

>> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

>> 1549 El Prado, Suite 8, San Diego, CA 92101
>> 
>> A non-profit technology collaboration connecting audiences to art, 
culture & science.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Feb 7, 2018, at 11:15 AM, Sayre, Scott A > wrote:
>>> 
>>> Nik-
>>> Thanks for chiming in. We have a significant customer-base (ecommerce, 
online/physical visitors and students) from the EU.  Our read is that any 
transaction between a US organization and a citizen of the EU falls under the 
GDPR, even the transactions take place on a server here in the US.
>>> -Scott
>>> 
>>> On 2/7/18, 12:35 PM, "mcn-l on behalf of Nik Honeysett" 
 on behalf of 
nhoneys...@bpoc.org > wrote:
>>> 
>>>   Scott,
>>> 
>>>   Do you have a significant percentage of online sales or data capture 
in the EU?
>>>   -nik
>>> 
>>>   
>>> 
>>>   Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 

>>> 
>>> 
>>>   M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
 >
>>>   1549 El Prado, Suite 8, San Diego, CA 92101
>>> 
>>>   A non-profit technology collaboration connecting audiences to art, 
culture & science.
>>> 
>>>   
>>> 
>>> 
>>> 
>>> 
 On Feb 7, 2018, at 8:54 AM, Sayre , Scott A > wrote:
 
 Hi Folks-
 We are in the early stages of preparing a strategy to comply with the 
May 28th deadline for complying the EU’s General Data Protection Regulations 
(https://www.eugdpr.org/  >).  Hoping 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Diana Pan
Scott, we at MoMA have also been assessing where we stand with GDPR as the
fines could be pretty hefty if we have a compliance problem down the road.
Your general understanding lines up with what we have found as well. If the
transaction involves PII info of an EU citizen, then it is in scope.
Processes and controls need to be in place, for example, to remove that
data if requested by that person. If you are using cloud solutions it would
be good to find out what those vendors are doing for GDPR. Also, if you are
using any kind of auto calculation or AI based on info of that person, that
too may be in scope. We are working with external counsel to help guide our
direction on GDPR. Please reach out directly if you would like to chat
further.

Diana

On Feb 7, 2018, at 2:20 PM, Nik Honeysett  wrote:

My understanding is that GDPR is enforced based on the location of the
transactee at the time of the transaction, irrespective of where the server
is. So, if someone buys something from your website from Blighty, then GDPR
is in effect for you and their PII, but if that person physically buys from
your store, then GDPR does not apply.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org
1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture
& science.









On Feb 7, 2018, at 11:15 AM, Sayre, Scott A  wrote:


Nik-

Thanks for chiming in. We have a significant customer-base (ecommerce,
online/physical visitors and students) from the EU.  Our read is that any
transaction between a US organization and a citizen of the EU falls under
the GDPR, even the transactions take place on a server here in the US.

-Scott


On 2/7/18, 12:35 PM, "mcn-l on behalf of Nik Honeysett" <mcn-l-boun...@mcn.edu
on behalf of nhoneys...@bpoc.org> wrote:


  Scott,


  Do you have a significant percentage of online sales or data capture in
the EU?

  -nik


  


  Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org



  M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org

  1549 El Prado, Suite 8, San Diego, CA 92101


  A non-profit technology collaboration connecting audiences to art,
culture & science.


  





On Feb 7, 2018, at 8:54 AM, Sayre, Scott A wrote:


Hi Folks-

We are in the early stages of preparing a strategy to comply with the May
28th deadline for complying with the EU’s General Data Protection Regulations
(https://www.eugdpr.org/).  Hoping most of you are
familiar with these requirements and may have some thoughts on how you will
be responding to them.  We are still working on defining requirements vs.
recommended practices and how and when we will be able to address them.  It
appears this could affect our user data practices in e-commerce, blog,
e-commerce (ticketing and retail), as well as CRM.

I’d love to hear how others have begun to work on meeting these regulations
and if you have found any external expertise to guide you through the
process.

Many thanks in advance.

-Scott





Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
James - I don’t think that is right otherwise every business in the U.S. would 
be potentially liable.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture & 
science.






> On Feb 7, 2018, at 11:31 AM, Sayre, Scott A  wrote:
> 
> Agree on both accounts.  We do sell  products, classes, tickets and juried 
> art entries online with EU customers.  
> -S
> 
> On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett" 
>  wrote:
> 
>Also, GDPR wouldn’t apply if they purchased from your website while they 
> were in a hotel next door to you.
>-nik
> 
>
> 
>Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
> 
> 
>M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
> 
>1549 El Prado, Suite 8, San Diego, CA 92101
> 
>A non-profit technology collaboration connecting audiences to art, culture 
> & science.
> 
>
> 
> 
> 
> 
> 
> 
> 
>> On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:
>> 
>> My understanding is that GDPR is enforced based on the location of the 
>> transactee at the time of the transaction, irrespective of where the server 
>> is. So, if someone buys something from your website from Blighty, then GDPR 
>> is in effect for you and their PII, but if that person physically buys from 
>> your store, then GDPR does not apply.
>> -nik
>> 
>> 
>> 
>> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 
>> 
>> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>> 
>> 1549 El Prado, Suite 8, San Diego, CA 92101
>> 
>> A non-profit technology collaboration connecting audiences to art, culture & 
>> science.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Feb 7, 2018, at 11:15 AM, Sayre, Scott A >> > wrote:
>>> 
>>> Nik-
>>> Thanks for chiming in. We have a significant customer-base (ecommerce, 
>>> online/physical visitors and students) from the EU.  Our read is that any 
>>> transaction between a US organization and a citizen of the EU falls under 
>>> the GDPR, even the transactions take place on a server here in the US.
>>> -Scott
>>> 
>>> On 2/7/18, 12:35 PM, "mcn-l on behalf of Nik Honeysett" 
>>>  on behalf of 
>>> nhoneys...@bpoc.org > wrote:
>>> 
>>>   Scott,
>>> 
>>>   Do you have a significant percentage of online sales or data capture in 
>>> the EU?
>>>   -nik
>>> 
>>>   
>>> 
>>>   Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org 
>>> 
>>> 
>>> 
>>>   M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 
>>>  >> >
>>>   1549 El Prado, Suite 8, San Diego, CA 92101
>>> 
>>>   A non-profit technology collaboration connecting audiences to art, 
>>> culture & science.
>>> 
>>>   
>>> 
>>> 
>>> 
>>> 
 On Feb 7, 2018, at 8:54 AM, Sayre , Scott A > wrote:
 
 Hi Folks-
 We are in the early stages of preparing a strategy to comply with the May 
 28th deadline for complying the EU’s General Data Protection Regulations 
 (https://www.eugdpr.org/  
 >).  Hoping most of you 
 are familiar with these requirements and may have some thoughts on how you 
 will be responding to them.  We are still working on defining requirements 
 vs. recommended practices and how and when we will be able to address 
 them.  It appears this could affect our user data practices in e-commerce, 
 blog, e-commerce (ticketing and retail), as well as CRM.
 I’d love to hear how others have begun to work on meeting these 
 regulations and if you have found any external expertise to guide you 
 through the process.
 Many thanks in advance.
 -Scott
 
 
 
 
 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
James-
My understanding is that quantity of transactions does not matter.  The main 
concern is security and customer control of any stored personal information on 
any system.
Best,
Scott

On 2/7/18, 2:27 PM, "mcn-l on behalf of Heck, James"  wrote:

I am awaiting more details on this from our internal and outside
counsel as we too are reviewing impact as well.  However I thought that if
an EU citizen buys something even in person while in the US their data was
still in scope if you knew it was an EU citizen.  But I also believe that if
it is one person or many that the full system needs to comply with GDPR if
all on the same system.

James


--

*James J. Heck*
Director of Technology
Information Technology
The Museum of Modern Art
11 West 53rd Street
New York, NY 10019
Single number reach: +1 212 708 9554

On Wed, Feb 7, 2018 at 2:23 PM, Nik Honeysett  wrote:

> Also, GDPR wouldn’t apply if they purchased from your website while they
> were in a hotel next door to you.
> -nik
>
> 
>
> Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org
>
>
> M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org  nhoneys...@bpoc.org>
> 1549 El Prado, Suite 8, San Diego, CA 92101
>
> A non-profit technology collaboration connecting audiences to art, culture
> & science.
>
> 
>
>
>
>
>
>
>
> > On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:
> >
> > My understanding is that GDPR is enforced based on the location of the
> transactee at the time of the transaction, irrespective of where the 
server
> is. So, if someone buys something from your website from Blighty, then 
GDPR
> is in effect for you and their PII, but if that person physically buys 
from
> your store, then GDPR does not apply.
> > -nik
> >
> > 
> >
> > Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org <
> http://www.bpoc.org/>
> > M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org  nhoneys...@bpoc.org>
> > 1549 El Prado, Suite 8, San Diego, CA 92101
> >
> > A non-profit technology collaboration connecting audiences to art,
> culture & science.
> >
> > 
> >
> >
> >
> >
> >
> >
> >
> >> On Feb 7, 2018, at 11:15 AM, Sayre, Scott A > wrote:
> >>
> >> Nik-
> >> Thanks for chiming in. We have a significant customer-base (ecommerce,
> online/physical visitors and students) from the EU.  Our read is that any
> transaction between a US organization and a citizen of the EU falls under
> the GDPR, even the transactions take place on a server here in the US.
> >> -Scott
> >>
> >> On 2/7/18, 12:35 PM, "mcn-l on behalf of Nik Honeysett" <
> mcn-l-boun...@mcn.edu  on behalf of
> nhoneys...@bpoc.org > wrote:
> >>
> >>Scott,
> >>
> >>Do you have a significant percentage of online sales or data capture
> in the EU?
> >>-nik
> >>
> >>
> >>
> >>Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org <
> http://www.bpoc.org/>
> >>
> >>
> >>M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org  nhoneys...@bpoc.org> >
> >>1549 El Prado, Suite 8, San Diego, CA 92101
> >>
> >>A non-profit technology collaboration connecting audiences to art,
> culture & science.
> >>
> >>
> >>
> >>
> >>
> >>
> >>> On Feb 7, 2018, at 8:54 AM, Sayre , Scott A  > wrote:
> >>>
> >>> Hi Folks-
> >>> We are in the early stages of preparing a strategy to comply with the
> May 28th deadline for complying the EU’s General Data Protection
> Regulations (https://www.eugdpr.org/  <
> https://www.eugdpr.org/ >).  Hoping most of you
> are familiar with these requirements and may have some thoughts on how you
> will be responding to 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Agree on both accounts.  We do sell products, classes, tickets and juried art 
entries online with EU customers.
-S

On 2/7/18, 2:23 PM, "mcn-l on behalf of Nik Honeysett"  wrote:

Also, GDPR wouldn’t apply if they purchased from your website while they 
were in a hotel next door to you.
-nik




Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Heck, James
I am awaiting more details on this from our internal and outside
counsel as we too are reviewing impact as well.  However I thought that if
an EU citizen buys something even in person while in the US their data was
still in scope if you knew it was an EU citizen.  But I also believe that if
it is one person or many that the full system needs to comply with GDPR if
all on the same system.

James


--

*James J. Heck*
Director of Technology
Information Technology
The Museum of Modern Art
11 West 53rd Street
New York, NY 10019
Single number reach: +1 212 708 9554

On Wed, Feb 7, 2018 at 2:23 PM, Nik Honeysett  wrote:

> Also, GDPR wouldn’t apply if they purchased from your website while they
> were in a hotel next door to you.
> -nik
>
> 
>

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Also, GDPR wouldn’t apply if they purchased from your website while they were 
in a hotel next door to you.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture & 
science.









> On Feb 7, 2018, at 11:20 AM, Nik Honeysett  wrote:
> 
> My understanding is that GDPR is enforced based on the location of the 
> transactee at the time of the transaction, irrespective of where the server 
> is. So, if someone buys something from your website from Blighty, then GDPR 
> is in effect for you and their PII, but if that person physically buys from 
> your store, then GDPR does not apply.
> -nik
> 
> 
> 

Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
My understanding is that GDPR is enforced based on the location of the 
transactee at the time of the transaction, irrespective of where the server is. 
So, if someone buys something from your website from Blighty, then GDPR is in 
effect for you and their PII, but if that person physically buys from your 
store, then GDPR does not apply.
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture & 
science.









> On Feb 7, 2018, at 11:15 AM, Sayre, Scott A  wrote:
> 
> Nik-
> Thanks for chiming in. We have a significant customer-base (ecommerce, 
> online/physical visitors and students) from the EU.  Our read is that any 
> transaction between a US organization and a citizen of the EU falls under the 
> GDPR, even if the transactions take place on a server here in the US.
> -Scott
> 
___
You are currently subscribed to mcn-l, the listserv of the Museum Computer 
Network (http://www.mcn.edu)

To post to this list, send messages to: mcn-l@mcn.edu

To unsubscribe or change mcn-l delivery options visit:
http://mcn.edu/mailman/listinfo/mcn-l

The MCN-L archives can be found at:
http://www.mail-archive.com/mcn-l@mcn.edu/


Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Sayre, Scott A
Nik-
Thanks for chiming in. We have a significant customer-base (ecommerce, 
online/physical visitors and students) from the EU.  Our read is that any 
transaction between a US organization and a citizen of the EU falls under the 
GDPR, even if the transactions take place on a server here in the US.
-Scott

On 2/7/18, 12:35 PM, "mcn-l on behalf of Nik Honeysett"  wrote:

Scott,

Do you have a significant percentage of online sales or data capture in the 
EU?
-nik





Re: [MCN-L] Preparing for quickly approaching GDPR deadline

2018-02-07 Thread Nik Honeysett
Scott,

Do you have a significant percentage of online sales or data capture in the EU?
-nik



Nik Honeysett | Chief Executive Officer | BPOC | www.bpoc.org


M (805) 402-3326  P (619) 331-1974  E nhoneys...@bpoc.org 

1549 El Prado, Suite 8, San Diego, CA 92101

A non-profit technology collaboration connecting audiences to art, culture & 
science.






> On Feb 7, 2018, at 8:54 AM, Sayre, Scott A wrote:
> 
> Hi Folks-
> We are in the early stages of preparing a strategy to comply with the May 
> 28th deadline for complying with the EU’s General Data Protection Regulations 
> (https://www.eugdpr.org/).  Hoping most of you are 
> familiar with these requirements and may have some thoughts on how you will 
> be responding to them.  We are still working on defining requirements vs. 
> recommended practices and how and when we will be able to address them.  It 
> appears this could affect our user data practices in e-commerce, blog, 
> e-commerce (ticketing and retail), as well as CRM.
> I’d love to hear how others have begun to work on meeting these regulations 
> and if you have found any external expertise to guide you through the process.
> Many thanks in advance.
> -Scott
> 
> 
> 