[NCSG-EC] Fwd: Re: Termination with our current host, and GDPR issues re transfer
Stephanie Perrin
stephanie at digitaldiscretion.ca
Sat May 9 19:04:02 EEST 2020
-------- Forwarded Message --------
Subject: Re: [NCSG-EC] Termination with our current host, and GDPR
issues re transfer
Date: Sat, 9 May 2020 12:00:57 -0400
From: Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
To: ncsg-ec at lists.ncsg.is
I am so sorry we delayed on this, Raphael! My fault.
I rather doubt that a Colorado IT firm is GDPR compliant. I also rather
doubt that it applies to NCSG as we are an informal association. Not an
NGO. So more like a bowling league or a bridge club (deliberately
selecting 50's era clubs). But if you think belonging to NCSG is a
covered activity, fire away, I am interested in the legal reasoning.
(this opinion of course by means reflects my concerns about our privacy
policies, as yet not form
On 2020-05-09 11:46 a.m., Raphael Beauregard-Lacroix via NCSG-EC wrote:
> Hi all
>
> So it is possible to terminate with Robhost. The next bill (for 12
> months) is due on June 17th. The ToS posted on their wesbite mention
> that we can terminate by the end of the ongoing billing term, subject
> to notice period (unspecified). Now presuming German law governs, that
> would be six weeks. Now if you count, that means we'd be too late already.
>
> In addition, Tapani has raised an issue regarding the GDPR-compliant
> character of such a Germany-US data transfer. After a few hours
> (re)reading the GDPR and looking into this, it appears to me that we
> NCSG as the 'controller' have to bind ourselves to provide our (EU, at
> least) members with their GDPR rights, wherever the data may be. Given
> that we can do that, there is no requirement for individualized
> consent by each member.
>
> That brings up another issue which is that of Wapix as a processor
> (i.e. we call the shots and they execute). They have been, and will
> continue to be. Yet they do have to abide by the GDPR when it comes to
> their role as a processor of personal data of EU persons. In turn, as
> controllers, we have to make sure they do. I do not know what their
> stance is when it comes to GDPR compliance. Couldnt find anything on
> their website; in any case I have inquired with them and they usually
> come back quickly.
>
> So here's my plan:
>
> -Ensure that everything is GDPR-kosher on Wapix's side
>
> -Attempt to negotiate a termination with Robhost; hopefully we manage
> to reach an alternative solution which does not involve paying a full
> 12 months
>
> -Make a post on the list regarding the transfer, reminding our members
> of 1) who is controller, who is processor, and what kind of processing
> is being done, for what purposes, etc. 2) reminding them of their
> rights and 3) that the transfer will have no effect on these
> processings and purposes, nor on their rights, and so that we will
> abide with any GDPR-bound request by any member (and, for what it's
> worth, with any DPA request, although honestly I hope we never get
> there. But who knows!)
>
>
> Let me know of any comments, suggestions, issues, etc. And if you care
> enough to have a more detailed legal reasoning as to what our
> obligations are I'll happily provide.
>
> Have a nice day,
>
> _______________________________________________
> NCSG-EC mailing list
> NCSG-EC at lists.ncsg.is
> https://lists.ncsg.is/mailman/listinfo/ncsg-ec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncsg.is/pipermail/ncsg-ec/attachments/20200509/4b842950/attachment.htm>
More information about the NCSG-EC
mailing list