Whois vs GDPR, latest news

Rob McEwen rob at invaluement.com
Sat May 26 19:04:55 UTC 2018


On 5/26/2018 2:36 PM, Michel 'ic' Luczak wrote:
> Original text from EU Commission:
> "Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher"
>
> -> Administrative fines _up to_ 10M (or 2% if your 2% is higher than 10M).
>
> It’s a cap, not a minimum.


Thanks for the clarification. But whether that fine will be less than 
10M is extremely vague and (I guess?) left up to the opinions or whims 
of a Euro bureaucrat or judge panel, or something like that... based on 
very vague and subjective criteria. I've searched and nobody can seem to 
find any more specifics or assurances. Therefore, there is NOTHING that 
a very small business with a very small data breach or mistake, could 
point to... to give them confidence that their fine will be any less 
than 10M Euros, other than that "up to" wording - that is in the same 
sentence where it also clarifies "whichever is larger".

All these people in this discussion who are expressing opinions that 
penalties in such situations won't be nearly so bad - are expressing 
what may very well be "wishful thinking" that isn't rooted in reality.

-- 
Rob McEwen
https://www.invaluement.com
  




More information about the NANOG mailing list