nanog mailing list archives
Re: Whois vs GDPR, latest news
From: Royce Williams <royce () techsolvency com>
Date: Sat, 26 May 2018 17:42:46 -0800
On Sat, May 26, 2018 at 4:57 PM Dan Hollis <goemon () sasami anime net> wrote:
I imagine small businesses who do a small percentage of revenue to EU citizens will simply decide to do zero percentage of revenue to EU citizens. The risk is simply too great.
That would be a shame. I would expect the level of effort to be roughly commensurate with A) the size of the org, and B) the risk inherent in what data is being collected, processed, stored, etc. I would also expect compliance to at least partially derive from vendor/cloud/outsource/whatever partners, many of whom should be scaled/scaling up to minimally comply. I would also not be surprised if laws of similar scope start to emerge in other countries. If so, taking your ball and going home won't be sustainable. If small, vulnerable orgs panic and can't realistically engage the risk, they may be selecting themselves out of the market - an "I encourage my competitors to do this" variant. Naively ... to counter potential panic, it would be awesome to crowdsource some kind of CC-licensed GDPR toolkit for small orgs. Something like a boilerplate privacy policy (perhaps generated by answers to questions), plus some simplified checklists, could go a long way - towards both compliance and actual security benefit. In a larger sense ... can any org - regardless of size - afford to not know their data, understand (at least at a high level) how it could be abused, know who is accessing it, manage it so that it can be verifiably purged, and enable their customers to self-manage their portion of it?? I'm personally a big fan of undue diligence and all, but we need to advocate for some ... realistic scaling of response. Royce
Current thread:
- Re: Whois vs GDPR, latest news, (continued)
- Re: Whois vs GDPR, latest news Seth Mattinen (May 26)
- Re: Whois vs GDPR, latest news Michel 'ic' Luczak (May 26)
- Re: Whois vs GDPR, latest news Rob McEwen (May 26)
- Re: Whois vs GDPR, latest news JORDI PALET MARTINEZ via NANOG (May 26)
- Re: Whois vs GDPR, latest news Rob McEwen (May 26)
- Re: Whois vs GDPR, latest news JORDI PALET MARTINEZ via NANOG (May 27)
- Re: Whois vs GDPR, latest news Michel 'ic' Luczak (May 27)
- Re: Whois vs GDPR, latest news Sander Steffann (May 27)
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 28)
- Re: Whois vs GDPR, latest news Dan Hollis (May 26)
- Re: Whois vs GDPR, latest news Royce Williams (May 26)
- Re: Whois vs GDPR, latest news Dan Hollis (May 26)
- Re: Whois vs GDPR, latest news Owen DeLong (May 27)
- Re: Whois vs GDPR, latest news niels=nanog (May 27)
- Re: Whois vs GDPR, latest news Stephen Satchell (May 27)
- Re: Whois vs GDPR, latest news niels=nanog (May 27)
- Re: Whois vs GDPR, latest news Michel 'ic' Luczak (May 27)
- Re: Whois vs GDPR, latest news Sander Steffann (May 27)
- Re: Whois vs GDPR, latest news Dan Hollis (May 23)
- Message not available
- Re: Whois vs GDPR, latest news John Levine (May 23)
- Re: Whois vs GDPR, latest news jeff murphy (May 24)