[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Tapani Tarvainen
ncsg at tapani.tarvainen.info
Fri Feb 16 20:21:02 UTC 2018
On Fri, Feb 16, 2018 at 12:01:12PM -0800, John Horton via gnso-rds-pdp-wg (gnso-rds-pdp-wg at icann.org) wrote:
> I'm asking if registrars have received specific guidance, or can
> point to anything specific in the GDPR or any written document, indicating
> that you have to provide GDPR protections to all of your customers, even if
> they aren't in scope. In other words, I'm looking for a very clear
> statement along these lines from a DPA:
>
> As an EU company, even if your customer is a natural person in the US, you
> must provide them the same rights under the GDPR that an EU natural person
> would receive. Failure to do so is non-compliant with the GDPR.
Article 3 of the GDPR:
"1. This Regulation applies to the processing of personal data in the
context of the activities of an establishment of a controller or a
processor in the Union, regardless of whether the processing takes
place in the Union or not."
I read that to mean that if you are a company established in the EU,
GDPR applies regardless of where your customers are from.
--
Tapani Tarvainen
More information about the gnso-rds-pdp-wg
mailing list