Geekzone: technology news, blogs, forums


2355 posts

Uber Geek
+1 received by user: 374

Trusted

Topic # 236073 16-May-2018 19:27

For those who have websites, what are you going to do regarding the GDPR?

You have less than 10 days to implement something if you have any European visitors.

3770 posts

Uber Geek
+1 received by user: 1222


  Reply # 2017127 16-May-2018 19:33

This is a European law, right?  So if an NZ website stores the details of a European which does not comply with the GDPR, I don't see how the EU can do anything about it.

Although I guess companies that have more significant business with the EU region would want to comply anyway to avoid any hassles.


BDFL - Memuneh
61303 posts

Uber Geek
+1 received by user: 12043

Administrator
Trusted
Geekzone
Lifetime subscriber



2355 posts

Uber Geek
+1 received by user: 374

Trusted

  Reply # 2017133 16-May-2018 19:43

surfisup1000:

This is a European law, right?  So if an NZ website stores the details of a European which does not comply with the GDPR, I don't see how the EU can do anything about it.

But alas, you have to... I am not a lawyer, but yes, if you are dealing with any information regarding EU users like cookies/IP address/email address etc. you have to do something.

If you have AdSense for example you can’t show the Ads until they consent to the cookies.

Although I guess companies that have more significant business with the EU region would want to comply anyway to avoid any hassles.


6287 posts

Uber Geek
+1 received by user: 1068

Trusted
Lifetime subscriber

  Reply # 2017139 16-May-2018 19:58

I've seen several articles stating that it applies outside the EU but haven't been able to find any further details. If I don't comply with GDPR then what NZ law have I violated? If I haven't violated NZ law then how can I get in trouble for it if my servers and I are in NZ? Can someone clarify?

 

Edit: The only article I've been able to find so far that addresses the question directly is this one, which states that "in practice EU data protection regulators may find it difficult to enforce their decisions against organisations that do not have assets in the EU". It goes on to say that you're supposed to have a "representative" in an EU country that they can take action against, but again I don't know what would happen if you didn't have this representative.




2355 posts

Uber Geek
+1 received by user: 374

Trusted

  Reply # 2017145 16-May-2018 20:05

Here is the official information from NZTE.

https://www.privacy.org.nz/assets/Uploads/EUMR-The-principles-of-the-GDPR-09-2017.pdf

It basically says if you don’t understand, you should talk to your own lawyer.

People putting their head in the sand could cause them issues.

3770 posts

Uber Geek
+1 received by user: 1222


  Reply # 2019276 20-May-2018 10:47
One person supports this post

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12054476

 

As it was an EU law, Kiwi businesses didn't necessarily have to pay the fines.

 

But if a number of New Zealand companies flouted the law, Parry believed, it was possible that the EU could try to shame us.

 

As I thought, the EU have no jurisdiction to enforce this law in New Zealand. 

 

Although, international law is complex and detailed in various bilateral treaties and UN agreements.

 

I think a foreign government can extradite as long as the foreign crime is also a crime here in New Zealand. And, breaching the GDPR is certainly not a crime here. 


14138 posts

Uber Geek
+1 received by user: 2544

Trusted
Subscriber

  Reply # 2019291 20-May-2018 11:09
One person supports this post

Easiest thing to do is probably to block traffic from the EU.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


1229 posts

Uber Geek
+1 received by user: 251

Subscriber

  Reply # 2022477 25-May-2018 14:32

timmmay:

Easiest thing to do is probably to block traffic from the EU.

Nope - you have then monitored IP addresses belonging to European Data residents.

Here is where I get a bit confused / worried.

I run web and mail and other servers.

I keep lists of IP addresses in my logs. This is a natural part of the Linux logs, Apache logs etc.

According to the GDPR, IP addresses constitute identifiable data that comes under their legislation.

I use these IP addresses to ban crackers (authentication logs with so many fails in a period of time or use of invalid login names).

I often report these attempts back to the IP providers - ISPs / Mail providers they come from. I have now trafficked data across borders regarding European data residents.

I can't afford a European representative.

I can't afford to piddle around with a lawyer to figure out how this affects me.

I don't care who views my site - I'm not selling stuff, but in order to provide a good service I might use GA or other analytic data to make decisions such as putting a caching server / CDN closer to frequent visitors.

I'm small enough that I won't get hit by these laws - but I'm still technically in breach of them as far as I can figure out - all because I have IP addresses in my logs and report dirt bags to their providers.

Hey wait up - I'm not European. How come I should be so worried about a law put out by a country I am not a part of? Maybe NZ could draft a law stating European dirt bags get fined $1000 per breach or 1/5th of what they are worth. After all if their laws apply to us then our laws should apply to them....

Also - if I use a VPN exiting in a European country - doesn't that make me a European resident for legal data purposes?





nunz

3369 posts

Uber Geek
+1 received by user: 917


  Reply # 2022483 25-May-2018 14:42

surfisup1000:

 

I think a foreign government can extradite as long as the foreign crime is also a crime here in New Zealand. And, breaching the GDPR is certainly not a crime here. 

 

 

Wait until they are through negotiating the EU FTA, -

 

It's been publicly quoted that the EU will expect compliance with GDPR in any future deals (and that will include NZ)

 

https://www.ft.com/content/e489abba-0dc5-11e8-8eb7-42f857ea9f09


Linux Systems Admin
911 posts

Ultimate Geek
+1 received by user: 149

Trusted
Integrity Tech Solutions
Subscriber

  Reply # 2022500 25-May-2018 15:18

So you run a small business online in New Zealand?

 

You are a nobody in the world.

 

Chances are they won't even waste their time.

 

But if you want some extra protection, operate through a Ltd company. Which is probably what you should do anyway.

 

nunz:

 

Here is where I get a bit confused / worried.

 

I run web and mail and other servers.

 

I keep lists of IP addresses in my logs. This is a natural part of the Linux logs, Apache logs etc.

According to the GDPR, IP addresses constitute identifiable data that comes under their legislation.

 

 

By my reading of the law, you have a justifiable reason. The question is for how long is it justifiable?

 

1 week? 1 month? 1 year?

 

At that point just delete the logs. What point is old log information anyway?

 

Disclaimer - IANAL.


221 posts

Master Geek
+1 received by user: 23

Lifetime subscriber

  Reply # 2022506 25-May-2018 15:40

MichaelNZ:

 

So you run a small business online in New Zealand?

 

You are a nobody in the world.

 

Chances are they won't even waste their time.

 

But if you want some extra protection, operate through a Ltd company. Which is probably what you should do anyway.

 

 

 

 

And have a clear privacy statement outlining what you collect and why along with an "agree to terms and conditions" tick box. We have reviewed and updated that and checked we are not collecting anything that we don't need to perform the service being offered. 


Linux Systems Admin
911 posts

Ultimate Geek
+1 received by user: 149

Trusted
Integrity Tech Solutions
Subscriber

  Reply # 2022508 25-May-2018 15:42

nutbugs:

 

And have a clear privacy statement outlining what you collect and why along with an "agree to terms and conditions" tick box. We have reviewed and updated that and checked we are not collecting anything that we don't need to perform the service being offered. 

 

 

Which is pretty much what I have done. I already had a privacy statement to comply with the Privacy Act and merchant (Visa/Mastercard) requirements.

 

 


221 posts

Master Geek
+1 received by user: 23

Lifetime subscriber

  Reply # 2022528 25-May-2018 16:18

freitasm:

A good GDPR chart here.



Thanks. That is very useful! 🙂

6287 posts

Uber Geek
+1 received by user: 1068

Trusted
Lifetime subscriber

  Reply # 2022538 25-May-2018 17:02

nunz: Nope - you have then monitored IP addresses belonging to European Data residents.

 

[...]

 

According to the GDPR IP addresses constitute identifiable data that comes under their legislation

 

This is bizarre. First of all, don't the IP addresses belong to the ISPs (or maybe the registrars; I'm not exactly sure)? Are companies considered to be "residents"?

 

And even then, in this age of CG-NAT, an IP address can't even identify a city let alone an individual. My connection has a static IP, but again it could identify anyone in my household and not me specifically.

 

It seems that once again we're dealing with politicians that don't understand technology...

