As you're probably aware new laws come into effect on the 25th of May which mean we have to comply, or face extremely large fines.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
http://www.rps.org/special-interest-groups/contemporary/blogs/2018/february/gdpr-and-street-photography
Where that is going to leave us here at CC I have no idea, but I do know the software we use here isn't kitted up to comply. The forum we might be able to get something in place to tide us over. The gallery on the other hand might not be so easy, there's no mods or plugins for this atm that I'm aware of. This might result in me having to shut down the gallery, either on a temporary or permanent basis.
I'm no expert on legal matters, and to be honest struggle with all the jargon outlined in the GDPR guides. Sorry to bring you this news, but I'm at a loss what to do.
Mick, is it really such a problem? If you tell us exactly what personal data you ask us to provide, exactly what you use it for, and who you will share it with (hopefully no one), is there anything else you need do? If we provide unasked for data (as perhaps personal comments in the forum or gallery) you couldn't be responsible for it.
The above is just my opinion; I am not in any way qualified to interpret the law.
Simon
GDPR is more to do with marketing. So targeted adverts for events and the like who need to be able to be opted out of.
The software probably has options for email/PM contact that members can adjust to suit.
You need a policy as to what you do with the data, who gets it and what you do store. And what you do in the event of a data breach.
TBH you have little to worry about - the only thing (from memory) to sign up is email address and probably some form of age. I doubt you will be holding addresses and the like.
I think you have to be able to remove data that people request - so in theory comments - but that is really not practical on a forum that could have been quoted a hundred times in theory. But you could delete all the users direct posts I would think (PhpBB can)
Gallery - same applies - as admin I'm pretty sure you could delete any users images if required. Comments. Possibly.
You also can't keep data longer than is necessary. Really doesn't apply here.
Thanks. I'm probably over worrying regarding this one, although they have made it sound pretty scary. The UK cookie law was bad enough, but this just takes it to another level entirely.
I'll install a mod here shortly which will ask you to accept or decline the Registration agreement, and another to accept or decline the Privacy policy. These two docs will no doubt need adjustment to suite this site, I'm open to suggestions on this. ;)
Also Includes:
Allows member to export their data. Their profile and post information (forum only).
On member deletion clears IP address and email from posts and assigns a new username to all old posts.
Includes a privacy policy page, adds link in the footer e and adds a section for consent on registration
Stores the date/time that the privacy policy was changed and option to force to reagree
Stores the date/time that the registration agreement was changed and option to force to reagree
You'll also notice that while you're seeing the agreement or policy the links in the main nav won't do anything until you accept. Unfortunately the gallery link will still work, but I can get around this my moving it into a side block.
I might nick some of that wording Mick ;)
Quote from: anglefire on May 07, 2018, 03:46:43 PM
I might nick some of that wording Mick ;)
Apart from the Viglink bit all the rest is what came in the mod as standard, no idea if the wording is correct or not yet, need to tweak as we go here. lol.. The privacy policy can be viewed anytime by clicking on it at the bottom of page. ;)
Who gives a *expletive deleted*? Just clicked through!
Quote from: Hinfrance on May 07, 2018, 08:06:08 PM
Who gives a *expletive deleted*? Just clicked through!
Can't say I've really paid much attention to these things either, and usually click through as you did. Unfortunately I can't see them easing up on these new rules, so I have to try and go along with it. It's a crazy world we live in. ;)
I skimmed through and accepted them. In the case of this forum, it comes down to a matter of trust, and I trust you to, if you'll excused the dated phrase, "play the game". With a straight bat...
What concerns me more is the increasing over regulation of everything that may cause all forums to have to shut down. After all, if "they" succeed in forcing all newspapers to sign up to a state censorship on pain of having to meet the legal costs of frivolous and malicious lawsuits brought against newspapers that don't sign up, how long before they realise that people can be defamed (or MPs' misconduct revelaed) on the internet and apply the same logic and penalties to forums?
PS Many thanks for keeping the forum going despite all the obstacles MPs place in the way.
I just agreed with the privacy policy; hope this is enough to satisfy those who want to regulate everything.
So far, I have only had requests to agree/confirm, from people who send regular newsletters. Sadly, only those to which I had actively subscribed. There are still those who send unasked for newsletters; I suppose they maybe from outside Europe.