{"id":5272,"date":"2018-06-05T20:05:00","date_gmt":"2018-06-05T20:05:00","guid":{"rendered":"https:\/\/really.zonky.org\/?p=5272"},"modified":"2018-06-05T20:05:00","modified_gmt":"2018-06-05T20:05:00","slug":"no-it-wasnt-a-gdpr-hissy-fit-but-a-hardware-fault","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=5272","title":{"rendered":"No It Wasn’t a GDPR Hissy Fit But A Hardware Fault"},"content":{"rendered":"

As the subject says, this blog has been offline for just over a week because of a hardware failure. Just when I wanted to moan about all the GDPR hissy fits that people are throwing.<\/p>\n

Noticed some websites are blocking you because of the GDPR?<\/p>\n

That’s the hissy fit. Seems that some international web site operators who previously assumed that GDPR didn’t apply to them, are suddenly realising that it does. Which is an indication that they have been impersonating an ostrich for a couple of years now.<\/p>\n

Smaller businesses get a free pass on that one, but any reasonably sized company should have been aware of GDPR by now. It was put in place and\u00a0deliberately<\/em> put on hold for two years to allow people to get started with complying with GDPR. Anyone involved in the security business has been hearing “GDPR” for over two years now.<\/p>\n

So there are those who claim they’ve not heard of it, and are now panicking and trying to catch up, making a mountain out of a molehill, and claiming that it’s a dumb law. Technically it isn’t actually a law but an EU regulation that member states are required to make law.<\/p>\n

Anyway onto some of the biggest arguments against the GDPR …<\/p>\n

The Whois Question<\/h2>\n

This is a great example of what happens when you ignore a situation and then panic.<\/p>\n

When you register a domain (such as\u00a0zonky.org<\/em>) or a netblock (a set of IP addresses), you are expected to provide contact details for the individual(s) involved in the registration process – to allow for billing, and contact to be made in the event of operational issues.<\/p>\n

Storing that information is perfectly reasonable.<\/p>\n

Publishing that information is perfectly reasonable given informed consent.<\/p>\n

Ideally the domain registration would offer a choice to the registrant – public listing of personal details, public listing of role contact information, or public listing of indirect contacts (i.e. keeping the contact details private).<\/p>\n

There is a German court case decision saying that it isn’t necessary to have contact information for registering a domain; all I can say is that the German court obviously didn’t have the full facts.<\/p>\n

GDPR’s “Right To Be Forgotten”<\/h2>\n

One of the misconceptions is that the “right to be forgotten” is an absolute human right; for a start it’s not a a human right, but a right under the law. And it is not absolute; the text of the GDPR includes numerous exceptions to the right to be forgotten, such as :-<\/p>\n