On Fri, Feb 16, 2018 at 12:01:12PM -0800, John Horton via gnso-rds-pdp-wg (gnso-rds-pdp-wg@icann.org) wrote:
I'm asking if registrars have received specific guidance, or can point to anything specific in the GDPR or any written document, indicating that you have to provide GDPR protections to all of your customers, even if they aren't in scope. In other words, I'm looking for a very clear statement along these lines from a DPA:
As an EU company, even if your customer is a natural person in the US, you must provide them the same rights under the GDPR that an EU natural person would receive. Failure to do so is non-compliant with the GDPR.
Article 3 of the GDPR: "1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not." I read that to mean that if you are a company established in the EU, GDPR applies regardless of where your customers are from. -- Tapani Tarvainen