nanog mailing list archives

Re: Whois vs GDPR, latest news


From: Sander Steffann <sander () steffann nl>
Date: Sun, 27 May 2018 14:47:53 +0200

Hi,

Thanks for the clarification. But whether that fine will be less than 10M is extremely vague and (I guess?) left up 
to the opinions or whims of a Euro bureaucrat or judge panel, or something like that... based on very vague and 
subjective criteria. I've searched and nobody can seem to find any more specifics or assurances. Therefore, there is 
NOTHING that a very small business with a very small data breach or mistake, could point to... to give them 
confidence that their fine will be any less than 10M Euros, other than that "up to" wording - that is in the same 
sentence where it also clarifies "whichever is larger".

All these people in this discussion who are expressing opinions that penalties in such situations won't be nearly so 
bad - are expressing what may very well be "wishful thinking" that isn't rooted in reality.

Still on ec.europa.eu <http://ec.europa.eu/> they seem to try to reassure SMEs that the penalties will be 
“proportionate” both to the nature of the infringement and to the size of the company. It also seems to largely be 
related to whether you infringed the regulation in good faith or not. At least in France where I live the climate is 
pro-SMEs so I guess small mistakes will be forgiven. The head of our DPA also gave an interview recently saying that 
there will be no sanctions in the coming months and that they’re available to answer questions when in doubt about 
what to do.

That is also what I see in the Netherlands.

Lastly, our law firm told us that basically we have to wait until the first settlements to see what will be done…

True. Considering that GDPR is an EU regulation and that in general European culture is a lot less litigious than in 
the US I don't expect massive fines unless the infractions are malignant + persistent + performed by a large 
corporation. Smaller companies (or people) that make mistakes will not get fines that would bankrupt them. That's just 
not the way the justice system works on this side of the pond :)

Cheers,
Sander

