Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2385 posts

Uber Geek

Trusted

# 236073 16-May-2018 19:27
Send private message

For those who have websites, what are you going to do regarding the GDPR?

You have less than 10 days to implement something if you have any european visitors.

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
4338 posts

Uber Geek


  # 2017127 16-May-2018 19:33
Send private message

This is a european law right?  So if a nz website stores the details of a european which does not comply with the GDPR, I don't see how the EU can do anything about it. 

 

Although I guess companies that have more significant business with the EU region would want to comply anyway to avoid any hassles. 

 

 

 

 


 
 
 
 




2385 posts

Uber Geek

Trusted

  # 2017133 16-May-2018 19:43
Send private message

surfisup1000:

This is a european law right?  So if a nz website stores the details of a european which does not comply with the GDPR, I don't see how the EU can do anything about it. 



But alas, you have to... I am not a lawyer but yes if you are dealing with any information regarding EU users like cookies/ip address/email address etc you have to do something.

If you have AdSense for example you can’t show the Ads until they consent to the cookies.

Although I guess companies that have more significant business with the EU region would want to comply anyway to avoid any hassles. 


 


 


6696 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2017139 16-May-2018 19:58
Send private message

I've seen several articles stating that it applies outside the EU but haven't been able to find any further details. If I don't comply with GDPR then what NZ law have I violated? If I haven't violated NZ law then how can I get in trouble for it if my servers and I are in NZ? Can someone clarify?

 

Edit: The only article I've been able to find so far that addresses the question directly is this one, which states that "in practice EU data protection regulators may find it difficult to enforce their decisions against organisations that do not have assets in the EU". It goes on to say that you're supposed to have a "representative" in an EU country that they can take action against, but again I don't know what would happen if you didn't have this representative.




2385 posts

Uber Geek

Trusted

  # 2017145 16-May-2018 20:05
Send private message

Here is the official information from NZTE.

https://www.privacy.org.nz/assets/Uploads/EUMR-The-principles-of-the-GDPR-09-2017.pdf

It basically says if you don’t understand, you should talk to your own lawyer.

People putting their head in the sand could cause them issues.

4338 posts

Uber Geek


  # 2019276 20-May-2018 10:47
One person supports this post
Send private message

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12054476

 

As it was an EU law, Kiwi businesses didn't necessarily have to pay the fines.

 

But if a number of New Zealand companies flouted the law, Parry believed, it was possible that the EU could try to shame us.

 

As I thought, the EU have no jurisdiction to enforce this law in New Zealand. 

 

Although, international law is complex and detailed in various bi-lateral treaties and UN agreements. 

 

I think a foreign government can extradite as long as the foreign crime is also a crime here in New Zealand. And, breaching the GDPR is certainly not a crime here. 


15100 posts

Uber Geek

Trusted
Subscriber

  # 2019291 20-May-2018 11:09
One person supports this post
Send private message

Easiest thing to do is probably to block traffic from the EU.


 
 
 
 


1381 posts

Uber Geek

Subscriber

  # 2022477 25-May-2018 14:32
Send private message

timmmay:

 

Easiest thing to do is probably to block traffic from the EU.

 

 

Nope - you have then monitored IP addresses belonging to European Data residents.

 

 

 

Here is where I get a bit confused / worried.

 

I run web and mail and other servers.

 

I keep lists of ip addresses in my logs. This is a natural part of the Linux logs, Apache logs etc.

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

 

 

I use these ip addresses to ban crackers (authentication logs with so many fails in a period of time or use of invalid log in names)

 

I often report these attempts back to the IP providers ? ISPs / Mail providers they come from. I have now trafficked data across borders regarding European data residents.

 

 

 

I cant afford a European representative.

 

I cant afford to piddle around with a lawyer to figure out how this affects me

 

I don't care who views my site - I'm not selling stuff, but in order to provide a good service I might use GA or other analytic data to make decision such as putting a caching server /  CDN closer to frequent visitors.

 

I'm small enough that I wont get hit by these laws - but I'm still technically in breach of them as far as I can figure out - all because I have IP addresses in my logs and report dirt bags to their providers.

 

 

 

Hey wait up - I'm not European. How come I should be so worried about a law put out by a country I am not a part of? Maybe NZ could draft a law stating European dirt bags get fined $1000 per breach or 1/5th of what they are worth. After all if their laws apply to us then our laws should apply to them....

 

Also  - if i use a VPN exiting in a European country - doesn't that make me a European resident for legal data purposes?

 

 

 

 





nunz

4026 posts

Uber Geek


  # 2022483 25-May-2018 14:42
Send private message

surfisup1000:

 

I think a foreign government can extradite as long as the foreign crime is also a crime here in New Zealand. And, breaching the GDPR is certainly not a crime here. 

 

 

Wait until they are through negotiating the EU FTA, -

 

Its been publically quoted that the EU will expect compliance with GDPR in any future deals (and that will include NZ)

 

https://www.ft.com/content/e489abba-0dc5-11e8-8eb7-42f857ea9f09


Linux Systems Admin
1118 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022500 25-May-2018 15:18
Send private message

So you run a small business online in New Zealand?

 

You are a nobody in the world.

 

Chances are they won't even waste their time.

 

But if you want some extra protection, operate through a Ltd company. Which is probably what you should do anyway.

 

nunz:

 

Here is where I get a bit confused / worried.

 

I run web and mail and other servers.

 

I keep lists of ip addresses in my logs. This is a natural part of the Linux logs, Apache logs etc.

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

 

By my reading of the law, you have a justifiable reason. The question is for how long is it justifiable?

 

1 week? 1 month? 1 year?

 

At that point just delete the logs. What point is old log information anyway?

 

Disclaimer - IANAL.





Integrity Tech Solutions @ Norsewood, New Zealand


234 posts

Master Geek

Lifetime subscriber

  # 2022506 25-May-2018 15:40
Send private message

MichaelNZ:

 

So you run a small business online in New Zealand?

 

You are a nobody in the world.

 

Chances are they won't even waste their time.

 

But if you want some extra protection, operate through a Ltd company. Which is probably what you should do anyway.

 

 

 

 

And have a clear privacy statement outlining what you collect and why along with an "agree to terms and conditions" tick box. We have reviewed and updated that and checked we are not collecting anything that we don't need to perform the service being offered. 


Linux Systems Admin
1118 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2022508 25-May-2018 15:42
Send private message

nutbugs:

 

And have a clear privacy statement outlining what you collect and why along with an "agree to terms and conditions" tick box. We have reviewed and updated that and checked we are not collecting anything that we don't need to perform the service being offered. 

 

 

Which is pretty much what I have done. I alreday had a privacy statement to comply with the Privacy Act and merchant (Visa/Mastercard) requirements.

 

 





Integrity Tech Solutions @ Norsewood, New Zealand


234 posts

Master Geek

Lifetime subscriber

  # 2022528 25-May-2018 16:18
Send private message

freitasm:

A good GDPR chart here.



Thanks. That is very useful! 🙂

6696 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2022538 25-May-2018 17:02
Send private message

nunz: Nope - you have then monitored IP addresses belonging to European Data residents.

 

[...]

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

This is bizarre. First of all, don't the IP addresses belong to the ISPs (or maybe the registrars; I'm not exactly sure)? Are companies considered to be "residents"?

 

And even then, in this age of CG-NAT, an IP address can't even identify a city let alone an individual. My connection has a static IP, but again it could identify anyone in my household and not me specifically.

 

It seems that once again we're dealing with politicians that don't understand technology...


 1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

The Warehouse chooses Elasticsearch service
Posted 18-Sep-2019 13:55


Voyager upgrades core network to 100Gbit
Posted 18-Sep-2019 13:52


Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55


Bitcoin.com announces partnership with smartphone manufacturer HTC
Posted 16-Sep-2019 21:30


Finalists Announced for Microsoft NZ Partner Awards
Posted 16-Sep-2019 19:37


OPPO Showcases New CameraX Capabilities at Google Developer Days China 2019
Posted 15-Sep-2019 12:42


New Zealand PC Market returns to growth
Posted 15-Sep-2019 12:24


Home sensor charity director speaks about the preventable death which drives her to push for healthy homes
Posted 11-Sep-2019 08:46


Te ao Maori Minecraft world set to inspire Kiwi students
Posted 11-Sep-2019 08:43


Research reveals The Power of Games in New Zealand
Posted 11-Sep-2019 08:40


Ring Door View Cam now available in New Zealand
Posted 11-Sep-2019 08:38


Vodafone NZ to create X Squad
Posted 10-Sep-2019 10:25


Huawei nova 5T to be available 20th September
Posted 5-Sep-2019 11:55


Kogan.com launches prepay challenger brand Kogan Mobile in New Zealand
Posted 3-Sep-2019 11:42


Pagan Online available now
Posted 27-Aug-2019 20:22



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.