Re: Whois vs GDPR, latest news

2018-05-26 Thread Dan Hollis
On Sat, 26 May 2018, Royce Williams wrote: Naively ... to counter potential panic, it would be awesome to crowdsource some kind of CC-licensed GDPR toolkit for small orgs. Something like a boilerplate privacy policy (perhaps generated by answers to questions), plus some simplified checklists,

Re: Whois vs GDPR, latest news

2018-05-26 Thread Royce Williams
On Sat, May 26, 2018 at 4:57 PM Dan Hollis wrote: > I imagine small businesses who do a small percentage of revenue to EU > citizens will simply decide to do zero percentage of revenue to EU > citizens. The risk is simply too great. That would be a shame. I would expect

Re: Whois vs GDPR, latest news

2018-05-26 Thread Dan Hollis
On Sat, 26 May 2018, Seth Mattinen wrote: On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote: Actually, GDPR specifically requires processors to include statements of compliance right in their contracts; we also strongly recommend that controllers insist on indemnification clauses in their

Re: Whois vs GDPR, latest news

2018-05-26 Thread valdis . kletnieks
On Sat, 26 May 2018 10:31:29 +0200, "Michel 'ic' Luczak" said: > "When the regulation does not apply > Your company is service provider based outside the EU. It provides services > to customers outside the EU. Its clients can use its services when they > travel > to other countries, including

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 3:36 PM, JORDI PALET MARTINEZ via NANOG wrote: Talking from the experience because the previous laws in Spain, LOPD and LSSI Jordi, LOPD/LSSI does not = GDPR But even if there was a probability that GDPR would operate like they do: (1) it is alarming that the fines mentioned on

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
Talking from the experience because the previous laws in Spain, LOPD and LSSI (which basically was the same across the different EU countries). They had "maximum" fines (it was 600.000 Euros). They start for small law infringement with 600 euros, 1.500 euros, unless is something very severe,

Re: Whois vs GDPR, latest news

2018-05-26 Thread Florian Weimer
* Mark Andrews: > Domain whois is absolutely useful. Try contacting a site to report > that their nameservers are hosed without it. A lot of WHOIS servers do not show who's running the name servers, or who maintains the data served by them. Those that do usually provide information which is

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 2:36 PM, Michel 'ic' Luczak wrote: Original text from EU Commission: "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 26 May 2018, at 20:28, Seth Mattinen wrote: > > > > On 5/26/18 8:15 PM, Michel 'ic' Luczak wrote: >> The two levels depend on the nature of the infringement, but it says clearly >> “up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the >> “less

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/26/18 8:15 PM, Michel 'ic' Luczak wrote: The two levels depend on the nature of the infringement, but it says clearly “up to 10M” (or 2% of your worldwide revenue, whichever is bigger) for the “less serious” infringements. So no, there is no minimum fine actually. To me that says the

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 26 May 2018, at 19:37, Rob McEwen wrote: > > The *MINIMUM* fine is 10M euros. > > SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ > The two levels depend on the nature of the infringement, but it

Re: Whois vs GDPR, latest news

2018-05-26 Thread Rob McEwen
On 5/26/2018 12:29 PM, JORDI PALET MARTINEZ via NANOG wrote: I don't recall right now the exact details about how they calculate the fine The *MINIMUM* fine is 10M euros. SEE: https://www.gdpreu.org/compliance/fines-and-penalties/ This is true no matter how small the business, and

Re: Whois vs GDPR, latest news

2018-05-26 Thread Owen DeLong
I’m not sure that’s true. I think that the notice is sufficient to indicate that I have no intention to have EU persons visiting my web site and thus should not be subject to their extraterritorial overreach. Obviously time will tell what happens. Owen > On May 26, 2018, at 09:29 , JORDI

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
I don't recall right now the exact details about how they calculate the fine, which is appropriate for each case, but the 4% of turnover or 20 million Euros is just the maximum amount (per case). I'm sure there is something already documented, about that, or may be is each country DPA the one

Re: Juniper BGP Convergence Time

2018-05-26 Thread Baldur Norddahl
Add a static default route on both routers. This will be invalidated as soon the interface goes down. Should be faster than relying on the BGP process on withdrawing the route. Also does not require any config changes at your upstreams. Regards Baldur ons. 16. maj 2018 18.52 skrev Adam Kajtar

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/26/18 1:30 PM, JORDI PALET MARTINEZ via NANOG wrote: I don't think, in general the DPAs need to use lawsuits. If they discover (by their own, or by means of a customer claim) that a company (never mind is from the EU or outside) is not following the GDPR, they will just fine it and the

Re: Whois vs GDPR, latest news

2018-05-26 Thread JORDI PALET MARTINEZ via NANOG
I don't think, in general the DPAs need to use lawsuits. If they discover (by their own, or by means of a customer claim) that a company (never mind is from the EU or outside) is not following the GDPR, they will just fine it and the corresponding government authorities are the responsible to

Re: Whois vs GDPR, latest news

2018-05-26 Thread Nick Hilliard
Seth Mattinen wrote on 26/05/2018 08:41: Good luck getting multiple millions worth of fines out of small businesses that never even touch a million a year in revenue, let alone the added expenses of trying to do all the crap GDPR thinks everyone can suddenly afford out of nowhere. You can

Re: Whois vs GDPR, latest news

2018-05-26 Thread Michel 'ic' Luczak
> On 23 May 2018, at 19:12, Anne P. Mitchell Esq. wrote: > > > >> On May 23, 2018, at 11:05 AM, K. Scott Helms wrote: >> >> Yep, if you're doing a decent job around securing data then you don't have >> much to be worried about on that side of

Re: Whois vs GDPR, latest news

2018-05-26 Thread Seth Mattinen
On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote: Actually, GDPR specifically requires processors to include statements of compliance right in their contracts; we also strongly recommend that controllers insist on indemnification clauses in their contracts with processors, because if the