GDPR support

Started by Arantor, 2017 October 29, 03:16:15 pm


Arantor

2017 October 29, 03:16:15 pm
What plans are there for supporting the functionality required by GDPR after May 2018?

feline

#1
2017 October 29, 04:05:17 pm
Well... currently we have no concrete information about what is coming in the EU.
But... I think it's not a big problem for a forum system, because nobody MUST register on a forum.

Currently we store his IP and email, and we give the user this information before he accepts the cookies and registers an account. Without ECL consent NOTHING is saved, and we do not create a SESSION.
All other member information is optional to give us... nothing is a MUST.

So I think that it's not a big problem for us to implement what comes in the EU, and we can calm down ;)
But... I see a problem for admins who use a system (like SMF) where the location is inside the EU...

Fel
Many are stubborn in relation to the path, a few in relation to the target.

Arantor

#2
2017 October 29, 05:07:30 pm
If only it were that simple.

Firstly, the average forum administrator is a data controller. Sucks, but it's true. So they have responsibilities simply by running a forum and collecting email addresses.

The registration agreement probably needs a rewrite, but whether it does or it doesn't... you need to track when people agreed to the terms. You also need to check when the terms change that people are still happy with the terms, and track every subsequent acceptance.

There's also the fact that users can request a copy of all the data you hold on them, electronically in an open format. (Ideally, provide this in a self-service format.)

And permission to delete account pretty much needs to be given to everyone, it must be actioned inside a month, and all data that is personally identifiable needs to be able to be removed. As a minimum this would imply users that chose to use their name as their username would have to be scrubbed before deletion was approved. This would also need to scrub the database of all email addresses stored in the messages table against a user's posts.

I'm also not clear on how this would work for guest posting, or whether this would be mandatory to be disabled for the sake of being able to prove consent to data collection.
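
The record-keeping described in the post above, sketched as an added example that is not part of the thread or of any forum software's code: an append-only consent ledger keyed by terms version, a re-consent check when the terms change, and an erasure routine that scrubs the name and email copied onto a member's posts. The schema, table names and column names are hypothetical, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE members  (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
CREATE TABLE messages (id INTEGER PRIMARY KEY, member_id INTEGER,
                       poster_name TEXT, poster_email TEXT, body TEXT);
CREATE TABLE terms    (version INTEGER PRIMARY KEY, published_at TEXT);
-- Append-only ledger: one row per acceptance, never updated in place.
CREATE TABLE consent  (member_id INTEGER, version INTEGER, accepted_at TEXT);
"""

def now():
    return datetime.now(timezone.utc).isoformat()

def record_acceptance(db, member_id, version):
    db.execute("INSERT INTO consent VALUES (?, ?, ?)", (member_id, version, now()))

def needs_reconsent(db, member_id):
    """True when the member has no acceptance on record for the latest terms."""
    latest = db.execute("SELECT MAX(version) FROM terms").fetchone()[0]
    row = db.execute("SELECT 1 FROM consent WHERE member_id = ? AND version = ?",
                     (member_id, latest)).fetchone()
    return row is None

def erase_member(db, member_id):
    """Scrub name and email copied onto the member's posts, then drop the account."""
    with db:  # commit on success, roll back if either statement fails
        db.execute("UPDATE messages SET poster_name = '[deleted]', poster_email = '',"
                   " member_id = 0 WHERE member_id = ?", (member_id,))
        db.execute("DELETE FROM members WHERE id = ?", (member_id,))

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: a member whose username is her real name.
    db.execute("INSERT INTO members VALUES (1, 'Jane Doe', 'jane@example.org')")
    db.execute("INSERT INTO messages VALUES (1, 1, 'Jane Doe', 'jane@example.org', 'hi')")
    db.execute("INSERT INTO terms VALUES (1, ?)", (now(),))
    record_acceptance(db, 1, 1)
    before = needs_reconsent(db, 1)           # accepted the current terms
    db.execute("INSERT INTO terms VALUES (2, ?)", (now(),))
    after = needs_reconsent(db, 1)            # terms changed, must ask again
    history = db.execute("SELECT COUNT(*) FROM consent").fetchone()[0]
    erase_member(db, 1)
    leftover = db.execute("SELECT COUNT(*) FROM messages WHERE poster_email != ''"
                          " OR poster_name = 'Jane Doe'").fetchone()[0]
    return before, after, history, leftover
```

The scrub only covers the dedicated name and email columns; personal data typed into post bodies or quoted by other members is outside what this sketch handles.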