[NCSG-EC] Termination with our current host, and GDPR issues re transfer

Raphael Beauregard-Lacroix rbeauregardlacroix at gmail.com
Sat May 9 18:46:49 EEST 2020 

Hi all

So it is possible to terminate with Robhost. The next bill (for 12 months)
is due on June 17th. The ToS posted on their wesbite mention that we can
terminate by the end of the ongoing billing term, subject to notice period
(unspecified). Now presuming German law governs, that would be six weeks.
Now if you count, that means we'd be too late already.

In addition, Tapani has raised an issue regarding the GDPR-compliant
character of such a Germany-US data transfer. After a few hours (re)reading
the GDPR and looking into this, it appears to me that we NCSG as the
'controller' have to bind ourselves to provide our (EU, at least) members
with their GDPR rights, wherever the data may be. Given that we can do
that, there is no requirement for individualized consent by each member.

That brings up another issue which is that of Wapix as a processor (i.e. we
call the shots and they execute). They have been, and will continue to be.
Yet they do have to abide by the GDPR when it comes to their role as a
processor of personal data of EU persons. In turn, as controllers, we have
to make sure they do. I do not know what their stance is when it comes to
GDPR compliance. Couldnt find anything on their website; in any case I have
inquired with them and they usually come back quickly.

So here's my plan:

-Ensure that everything is GDPR-kosher on Wapix's side

-Attempt to negotiate a termination with Robhost; hopefully we manage to
reach an alternative solution which does not involve paying a full 12 months

-Make a post on the list regarding the transfer, reminding our members of
1) who is controller, who is processor, and what kind of processing is
being done, for what purposes, etc. 2) reminding them of their rights and
3) that the transfer will have no effect on these processings and purposes,
nor on their rights, and so that we will abide with any GDPR-bound request
by any member (and, for what it's worth, with any DPA request, although
honestly I hope we never get there. But who knows!)


Let me know of any comments, suggestions, issues, etc. And if you care
enough to have a more detailed legal reasoning as to what our obligations
are I'll happily provide.

Have a nice day,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-ec/attachments/20200509/e3c7e246/attachment.htm>

More information about the NCSG-EC mailing list