Re: GDPR Question - Part 2

[Todd Watson <todd () USG EDU>]

I agree, Ken. 

I think the scope includes all individuals located within physical EU territory. Thus, the regulation applies without 
distinction to residents, visitors, and citizens. It also appears to be in scope for persons outside the EU if their 
data is stored, processed, or maintained within the EU.

Regards,
Todd

---- 
Dr. W. Todd Watson, Sr., CISSP
Information Security Officer
Board of Regents of the University System of Georgia
Cybersecurity
706-583-2008

On 2/8/18, 5:04 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Ken Connelly" <SECURITY () LISTSERV 
EDUCAUSE EDU on behalf of ken.connelly () UNI EDU> wrote:

    On 2/8/18 3:55 PM, Jim Cheetham wrote:
    > Excerpts from Penn, Blake C's message of February 9, 2018 10:09 am:
    >> From my understanding, GDPR protections apply solely to EU residents,
    >> not citizens – that is, anyone actually in the EU and only while they
    >> are in the EU.
    >
    > Is that a formally-defined "Resident", or anyone who happens to simply
    > be on EU soil as part of a short-term visit or trip?
    >
    > -jim
    
    My understanding is the latter, e.g., a student on a study abroad visit
    or a professor traveling and doing research.
    
    -- 
    - Ken
    =================================================================
    Ken Connelly                       Director, Information Security
    Information Security Officer          University of Northern Iowa
    email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
    
    Any request to divulge your UNI password via e-mail is fraudulent!