
Thread: GDPR Experts?

  1. #1

    GDPR Experts?

    Does anyone on the forum have a really strong understanding of how to secure a site for GDPR in the coming weeks? I've read a ton about it, but feel like I'm still missing something. Would really like to hear about the best ways to tell if your site is prepared.

    I've tested with Cookiebot, installed consent popups, and changed the privacy policy. Not getting 100% compliant responses though. Is there something I need to change with GTM to get it to all work right?
    My rarely updated website (I should fix that) - https://www.ericrohrback.com

  2. Thanks djbaxter, Tim Sweeney thanked this post
    Likes Linda Buquet liked this post
  3. #2

    Re: GDPR Experts?

    Excellent question and I'll follow this thread eagerly awaiting replies. I've been procrastinating on this issue waiting for the release of easy ways to comply or just a creative eureka moment to hit me.

  4. #3

    Re: GDPR Experts?

    I'm looking forward to answers on this as well. A colleague mentioned to me that I should have contracts with my clients that indicate I am not responsible for their sites... I am the one that installs Google Analytics so perhaps need to educate them on something there...

  5. #4

    Re: GDPR Experts?

    I think a lot of companies and entrepreneurs are trying to work this out now, including me. My takeaway so far is there's no need to panic for most non-European entities - take it seriously, yes, but also take your time and get it right.

    WordPress and some forum software (not the vBulletin software that runs this forum, not yet anyway) have already developed compliance technology.

    Here are a few sources you might want to consult:


  6. Thanks Linda Buquet, Tim Sweeney thanked this post
  7. #5

    Re: GDPR Experts?

    This is fantastic - thank you!

  8. Thanks djbaxter thanked this post
    Likes Linda Buquet liked this post
  9. #6

    Re: GDPR Experts?

    Here's how Xenforo forum software is handling GDPR in its latest update, released yesterday. This may help you modify your own Privacy Policy for compliance, bearing in mind that this is for forum software.

    Upcoming changes for GDPR compliance in XF1 and XF2 | XenForo community

    The GDPR is a European Union (EU) regulation that has been designed to protect the data and privacy of EU residents. It strengthens and replaces existing data protection acts/directives and becomes enforceable from 25th May 2018. The primary aim is to give control to EU residents over their personal data and unify regulation within the EU.

    But I'm not an EU resident...
    That may be true, but with over half a billion residents in 28 member states, it's a fairly reasonable expectation that at some point you will have an EU resident register on your forum and they will indeed be protected by this regulation and breaches of the regulation can bring penalties and fines against you, whether you're an EU resident, or not. Even so, data protection and privacy will be important to every one of your members, regardless of their country of origin.

    Individual rights

    Right to erasure
    ICO said:

    Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.


    Unfortunately, erasure does not relate to a 1980s pop duo but instead it relates to the inevitability that at some point, one of your members may want to leave your forum and in doing so, may want to have their personal data removed. This is also known as the "right to be forgotten".

    Of course XenForo has always allowed you to delete members via the Admin CP, and this approach is still recommended, but this has traditionally left their content attributed to them. You have always been able to work around this by changing the user's name prior to deleting the user. Although we're not at this stage looking to totally remove the user's content, we are making it easier to anonymise a deleted user's content.

    When deleting a user, you will now be given the option to just delete them (as now) or change their name before deleting them. You can choose the pre-defined text (which is the content of the deleted_member phrase in your language, followed by their user_id) or change it manually to whatever name you prefer.

    Right to data portability
    ICO said:

    The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.


    Technically, under certain laws in certain countries, the right for a user to request a copy of any personal information held by a data controller has always been necessary. The main difference now is that the information should be provided to the data subject in a machine readable format.

    Starting with the next release, it will be possible for admins to generate an XML file containing a user's personal information, including those entered in custom user fields. The XML file produced can be imported into any other XF1 or XF2 forum running an appropriate version.


    Right to be informed
    ICO said:


    • You must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.
    • You must provide privacy information to individuals at the time you collect their personal data from them.
    • You must regularly review, and where necessary, update your privacy information. You must bring any new uses of an individual’s personal data to their attention before you start the processing.



    Lawful basis for processing

    Consent
    ICO said:


    • Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
    • Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
    • Keep evidence of consent – who, when, how, and what you told people.


    We already make it possible for a user to opt-in to or opt-out of receiving site emails using the "Receive site mailings" option under "Preferences", which can of course be set or un-set by default for new users under Options > User registration. That preference remains, though we have changed its name slightly. We've also added a new admin option (again, under "User registration") to enable you to show that preference on registration.

    To enable you to keep evidence of consent, we will log the consent date for acceptance of the terms and rules and privacy policy in the "User change log". We will also log if a user chooses to explicitly opt in to receiving emails.

    In the current version, user change logs are only kept for a period of 60 days (by default) so we have made changes here to ensure that certain change logs are "protected". These protected entries are never pruned and they are displayed differently in the log (denoted by the left feature border):

    Cookies
    ICO said:

    The rules on cookies are in regulation 6. The basic rule is that you must:

    • tell people the cookies are there;
    • explain what the cookies are doing and why; and
    • get the person’s consent to store a cookie on their device.


    The default help page for cookies has been expanded with more detailed information about what cookies are set, and why.
    Read more...

  10. Thanks Linda Buquet thanked this post
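The consent log described in the XenForo announcement quoted in post #6 (change-log entries pruned after 60 days by default, consent entries "protected" and never pruned), as an added example that is not part of the thread and is not XenForo's code. The table layout, field names and function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 60  # default pruning window mentioned in the announcement
# Hypothetical field names: changes that count as evidence of consent.
CONSENT_FIELDS = {"terms_accepted", "privacy_policy_accepted", "receive_site_mailings"}
# Hypothetical schema, not XenForo's real table layout.
SCHEMA = """CREATE TABLE user_change_log (
    id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, field TEXT NOT NULL,
    new_value TEXT NOT NULL, changed_at TEXT NOT NULL,  -- ISO 8601, UTC
    protected INTEGER NOT NULL DEFAULT 0)"""

def log_change(db, user_id, field, new_value, when):
    """Record a change; consent-related fields are flagged as protected."""
    db.execute(
        "INSERT INTO user_change_log (user_id, field, new_value, changed_at, protected)"
        " VALUES (?, ?, ?, ?, ?)",
        (user_id, field, new_value, when.isoformat(), int(field in CONSENT_FIELDS)),
    )

def prune(db, now):
    """Delete entries older than the retention window, except protected ones."""
    cutoff = (now - timedelta(days=RETENTION_DAYS)).isoformat()
    cur = db.execute(
        "DELETE FROM user_change_log WHERE changed_at < ? AND protected = 0", (cutoff,)
    )
    return cur.rowcount

def consent_evidence(db, user_id):
    """Return the who/what/when rows that serve as evidence of consent."""
    return db.execute(
        "SELECT field, new_value, changed_at FROM user_change_log"
        " WHERE user_id = ? AND protected = 1 ORDER BY changed_at, id", (user_id,)
    ).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    old = now - timedelta(days=90)          # older than the 60-day window
    # Constructed sample rows for one user.
    log_change(db, 7, "terms_accepted", "1", old)
    log_change(db, 7, "receive_site_mailings", "1", old)
    log_change(db, 7, "timezone", "Europe/London", old)
    log_change(db, 7, "avatar", "new.png", now - timedelta(days=5))
    removed = prune(db, now)
    remaining = db.execute("SELECT COUNT(*) FROM user_change_log").fetchone()[0]
    return removed, remaining, consent_evidence(db, 7)

if __name__ == "__main__":
    print(demo())
```

Only the 90-day-old timezone change is pruned; the two consent entries of the same age survive because the flag, not the age, decides.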
  11. #7

  12. Thanks Linda Buquet thanked this post
  13. #8

    Re: GDPR Experts?

    WordPress has just released a new version that addresses GDPR issues:


    WordPress 4.9.6 Privacy and Maintenance Release
    by Allen Snook, WordPress
    May 17, 2018

    WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features.

    Privacy
    The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared.

    It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.

    You can learn more about the GDPR from the European Commission’s Data Protection page.

    We’re committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we’ve added a number of new privacy features in this release.

    Comments


    Logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.

    Privacy Policy Page
    Site owners can now designate a privacy policy page. This page will be shown on your login and registration pages. You should manually add a link to your policy to every page on your website. If you have a footer menu, that’s a great place to include your privacy policy.

    In addition, we’ve created a guide that includes insights from WordPress and participating plugins on how they handle personal data. These insights can be copied and pasted into your site’s privacy policy to help you get started.

    If you maintain a plugin that collects data, we recommend including that information in WordPress’ privacy policy guide. Learn more in our Privacy section of the Plugin Handbook.

    Data Handling
    Data Export

    Site owners can export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins.

    Data Erasure
    Site owners can erase a user’s personal data, including data collected by participating plugins.

    Howdy,
    A request has been made to perform the following action on your account:

    Export Personal Data

    To confirm this, please click on the following link:
    http://.wordpress.org/wp-login.php?action=confirmaction…

    You can safely ignore and delete this email if you do not want to
    take this action.

    This email has been sent to you@example.com.

    Site owners have a new email-based method that they can use to confirm personal data requests. This request confirmation tool works for both export and erasure requests, and for both registered users and commenters.
    Read more...

  14. Thanks Linda Buquet thanked this post
  15. #9

    Re: GDPR Experts?

    I just got a pitch for a product...

    Email subject: "Nobody will trust you if you ignore GDPR!"

    "NOBODY"??? Not even my Mom??? A little over the top don't you think?

    Most consumers in US won't even know what GDPR is - much less stop trusting you if your site doesn't have it.

    Linda Buquet .:. Forum Founder, Google Local Specialist

    Note: Due to multiple RSI injuries, pardon short replies. Typos? Blame it on "Dragon".

  16. Likes djbaxter liked this post
  17. #10

    GDPR Experts?

    Originally posted by Linda Buquet:

    Most consumers in US won't even know what GDPR is - much less stop trusting you if your site doesn't have it.

    That's true.

    And most people regardless of origin won't know even if you are GDPR compliant unless you hang out a sign on your site saying you are.

    The bottom line is that this is basically a way of standardizing some aspects of a privacy policy and terms of service, which many (probably most?) sites already have.

  18. Likes Linda Buquet liked this post
