Educause Security Discussion mailing list archives
Re: GDPR Question - Part 2
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Thu, 8 Feb 2018 23:16:34 +0000
I'm certainly not a lawyer, but I've been listening to a lot of them over the past several months. It's my understanding that yes, the scope is formally defined as any resident of the EU (where 'resident' is anticipated to mean 'currently physically present'). But I'm not so sure about the "without distinction" clause. Practically speaking, while a student on a study-abroad semester or even a university-supported vacation trip might fall within scope, that's not going to be the kind of thing that raises a lot of attention from enforcers, compared to a more permanent university presence like an ongoing partnership or EU facility or regular student exchange. Steve ================================ Steven Lovaas University Information Security Officer Colorado State University steven.lovaas () colostate edu<mailto:steven.lovaas () colostate edu> 970-297-3707 Mit der Dummheit kämpfen Götter selbst vergebens. ================================ ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Todd Watson <todd () USG EDU> Sent: Thursday, February 8, 2018 3:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] GDPR Question - Part 2 I agree, Ken. I think the scope includes all individuals located within physical EU territory. Thus, the regulation applies without distinction to residents, visitors, and citizens. It also appears to be in scope for persons outside the EU if their data is stored, processed, or maintained within the EU. Regards, Todd ---- Dr. W. Todd Watson, Sr., CISSP Information Security Officer Board of Regents of the University System of Georgia Cybersecurity 706-583-2008 On 2/8/18, 5:04 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Ken Connelly" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of ken.connelly () UNI EDU> wrote: On 2/8/18 3:55 PM, Jim Cheetham wrote: > Excerpts from Penn, Blake C's message of February 9, 2018 10:09 am: >> From my understanding, GDPR protections apply solely to EU residents, >> not citizens – that is, anyone actually in the EU and only while they >> are in the EU. > > Is that a formally-defined "Resident", or anyone who happens to simply > be on EU soil as part of a short-term visit or trip? > > -jim My understanding is the latter, e.g., a student on a study abroad visit or a professor traveling and doing research. -- - Ken ================================================================= Ken Connelly Director, Information Security Information Security Officer University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373 Any request to divulge your UNI password via e-mail is fraudulent!
Current thread:
- Re: GDPR Question - Part 2, (continued)
- Re: GDPR Question - Part 2 Hart, Michael (Feb 08)
- Re: GDPR Question - Part 2 Madl, Michael (Feb 08)
- Re: GDPR Question - Part 2 Karl Kowalski (Feb 08)
- Re: GDPR Question - Part 2 Madl, Michael (Feb 08)
- Re: GDPR Question - Part 2 Madl, Michael (Feb 08)
- Re: GDPR Question - Part 2 Brad Judy (Feb 08)
- Re: GDPR Question - Part 2 Penn, Blake C (Feb 08)
- Re: GDPR Question - Part 2 Ken Connelly (Feb 08)
- Message not available
- Re: GDPR Question - Part 2 Jim Cheetham (Feb 08)
- Re: GDPR Question - Part 2 Ken Connelly (Feb 08)
- Re: GDPR Question - Part 2 Todd Watson (Feb 08)
- Re: GDPR Question - Part 2 Lovaas,Steven (Feb 08)
- Re: GDPR Question - Part 2 Todd Watson (Feb 09)
- Re: GDPR Question - Part 2 Hart, Michael (Feb 08)