Author Topic: GDPR and the forum  (Read 1154 times)

greenstreet

  • Hero Member
  • *****
  • Posts: 3192
  • Same beat
    • View Profile
Re: GDPR and the forum
« Reply #40 on: May 23, 2018, 06:53:06 AM »
We've also been confused over this at JTG.
I've had a lot of e mails from companies that are just updating their "privacy policy" and telling you that it's available on their website. No need to do anything else as long as there is an option to opt out if the customer wishes.

I think the link from the Laird seems to make sense.

The whole thing has been a shambles in my opinion.


In fact, all the last emails I've received (John Smedley for instance) just provide links to the updated data policy, no need even to opt in, so maybe that's the way to follow for the forum.

Modculture

  • Administrator
  • Sr. Member
  • *****
  • Posts: 279
    • View Profile
    • Modculture
Re: GDPR and the forum
« Reply #41 on: May 23, 2018, 09:55:52 AM »
Right, going to take the forum off public viewing for now and work out a solution of some kind. Might have to do a big upgrade at some point. But not right now as I'm snowed under. Might delete everyone who hasn't signed in for a period of time too.
Owner/dogsbody - Modculture

Rod

  • Hero Member
  • *****
  • Posts: 1501
  • Style in the Modern World
    • View Profile
Re: GDPR and the forum
« Reply #42 on: May 23, 2018, 12:07:25 PM »
We've also been confused over this at JTG.
I've had a lot of e mails from companies that are just updating their "privacy policy" and telling you that it's available on their website. No need to do anything else as long as there is an option to opt out if the customer wishes.

I think the link from the Laird seems to make sense.

The whole thing has been a shambles in my opinion.



In fact, all the last emails I've received (John Smedley for instance) just provide links to the updated data policy, no need even to opt in, so maybe that's the way to follow for the forum.

Yeah same for me. Several e mails from web stores etc just linking to their data policy, I keep expecting an ‘opt in’ button but usually not there.

greenstreet

  • Hero Member
  • *****
  • Posts: 3192
  • Same beat
    • View Profile
Re: GDPR and the forum
« Reply #43 on: May 23, 2018, 04:11:28 PM »
Right, going to take the forum off public viewing for now and work out a solution of some kind.


Does it mean we members will still be able to access, Dave?

Becky_Moffitt_83

  • Jr. Member
  • **
  • Posts: 96
  • Mod Goddess... enough said!
    • View Profile
Re: GDPR and the forum
« Reply #44 on: May 23, 2018, 04:25:55 PM »
Right, going to take the forum off public viewing for now and work out a solution of some kind. Might have to do a big upgrade at some point. But not right now as I'm snowed under. Might delete everyone who hasn't signed in for a period of time too.

That actually wouldn't be a bad idea and you've proven time and again Dave, it's a massive job to maintain over the many years and many renewals of this Forum.
I've only just began posting again because I've been dealing with a lot of personal dramas since the start of the year - including a mate's sudden suicide - and still trying to deal with it.
Whatever you decide to do, you have my support from across the miles...

Bec

(Mod Goddess)
“The fashionable woman wears clothes. The clothes don't wear her.” Mary Quant

Modculture

  • Administrator
  • Sr. Member
  • *****
  • Posts: 279
    • View Profile
    • Modculture
Re: GDPR and the forum
« Reply #45 on: May 24, 2018, 09:28:35 AM »
I also asked on the Sunderland ready to go message board (which is massive and has a huge readership - curiously discussion about SAFC is only a small part!! - what they were doing and the answer was basically nothing. While they understand people like Dave being paranoid about receiving hefty fines for non compliance, the owner seems to think that message boards like his (and this one) are not likely to be in the firing line so he’s just ignoring it.

I met the guy who ran that once at a Google event (I think). If he still uses Google ads, ignoring is likely to get him into serious bother. Google is rally cracking down hard on people who work with them who don't work to the letter of the law.
Owner/dogsbody - Modculture

Rod

  • Hero Member
  • *****
  • Posts: 1501
  • Style in the Modern World
    • View Profile
Re: GDPR and the forum
« Reply #46 on: May 24, 2018, 12:19:06 PM »
As much as I enjoy the SMB as it keeps me connected to Sunderland and I’ve met some cracking lads off there, I found out after being a member for several years that the lad who runs it, Roger L, was in my brother’s year at school and is such a ‘hard man’ he used to bully me when he was about fifteen and I was a scrawny twelve year old. I’m pretty sure he doesn’t live in Sunderland but if I ever saw him on a trip home I’d be sorely tempted to chin the sackless c**t just for old times sake.

English Stan

  • Jr. Member
  • **
  • Posts: 61
  • Just joined
    • View Profile
Re: GDPR and the forum
« Reply #47 on: May 25, 2018, 02:46:55 PM »
Still here????

roundmidnight2

  • Jr. Member
  • **
  • Posts: 65
  • Just joined
    • View Profile
Re: GDPR and the forum
« Reply #48 on: May 26, 2018, 05:46:06 AM »
God luck with the legalities, and thanks for running the forum.

BrianB

  • Sr. Member
  • ****
  • Posts: 466
  • Just joined
    • View Profile
Re: GDPR and the forum
« Reply #49 on: June 05, 2018, 02:35:48 PM »
Might be giving information on what's already know, but I had a chat with some coworkers as the company I work for has a large online presence, and was given the following advice;

Here's where I would start with GDPR on the Simplemachines platform.

Step 1: Evaluate the current status of compliance.
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/controllers-checklist/

The most important pieces of this are records of consent, and an understanding of the type of information that is held by the business. Another important piece is ensuring you are adequately protecting children.

Unless the company is a Not-For-Profit, it will likely need to register as a small organization and pay a $40 Data protection fee.

Step 2: Update your privacy policy
Perhaps the most immediate change required for GDPR compliance is updating your Privacy Policy to contain certain required elements.

https://termsfeed.com/blog/how-to-update-privacy-policy-gdpr-compliance/

It can be super detailed: https://www.ziprecruiter.com/privacy
Or it can be a little short: https://medium.com/policy/medium-privacy-policy-f03bf92035c9

Step 2: Eliminate unnecessary PII to reduce the burden of compliance
In particular, for SimpleMachines it looks like you can stop the collection of IP addresses by modifying /sources/QueryString.php

http://www.simplemachines.org/community/index.php?topic=215976.0

Step 3: Ask your ICO

Once you have implemented a basic plan, don't hesitate to send questions to your ICO. There are thousands of other companies like yours with questions about implementation. The most likely scenario is not that GDPR is used to bludgeon companies native to the EU, but to protect EU consumers from foreign companies that are less protective of European Citizens' data


Hopefully this can help, even if it's just a little.....
Initials B.B.