The GDPR, the European Union's new General Data Protection Regulation, comes into force on May 25th 2018. It has been the hottest topic among webmasters and website administrators for many weeks. So, what is it? And how does it apply to you and our website?
What is the GDPR?
The GDPR is a European Union (EU) regulation that has been designed to protect the data and privacy of EU residents. It strengthens and replaces existing data protection acts/directives and becomes enforceable from 25th May 2018. The primary aim is to give control to EU residents over their personal data and unify regulation within the EU. Any organisation that handles visitors or customers from inside the EU is required to adhere to the GDPR, which aims to protect the personal data of EU residents, with the threat of penalties for non-compliance.
Individual rights
Right to erasure
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances.
The right to erasure relates to the inevitability that at some point, a member may want to leave the forum and in doing so, may want to have their personal data removed. This is also known as the "right to be forgotten". Users now have the option to have their data deleted and their name changed before deleting them.
Note: having their data deleted does not mean that members are entitled to have their content (threads, posts, articles, etc.) removed unless it contains personally identifiable information.
Right to data portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
Technically, under certain laws in certain countries, the right for a user to request a copy of any personal information held by a data controller has always been necessary. The main difference now is that the information should be provided to the data subject in a machine readable format. Users will now be able to generate an XML file containing their personal information, including those entered in custom user fields.
Right to be informed
- You must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this 'privacy information'.
- You must provide privacy information to individuals at the time you collect their personal data from them.
- You must regularly review, and where necessary, update your privacy information. You must bring any new uses of an individual's personal data to their attention before you start the processing.
Consent
- Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
- Consent requires a positive opt-in. Don't use pre-ticked boxes or any other method of default consent.
- Keep evidence of consent – who, when, how, and what you told people.
On a similar subject to the previous "Right to be informed" section, consent must apply to things such as the privacy policy and terms and rules. To enable us to keep evidence of consent, we will log the consent date for acceptance of the terms and rules and privacy policy. We will also log if a user chooses to explicitly opt in to receiving emails.
Cookies
The rules on cookies are in regulation 6. The basic rule is that you must:
- tell people the cookies are there;
- explain what the cookies are doing and why; and
- get the person's consent to store a cookie on their device.
We are trying to implement the most significant of these changes by tomorrow, but expect a lot of updates and notices asking for your consent within the next few days and weeks. We are sorry to bother you with additional pop-ups asking you to consent to our cookie and privacy policies.
We shall keep this thread updated with further details on GDPR compliance.