#26668 by ThemeSplat
April 18th, 2018, 6:27 pm
By now you might have heard or stumbled across articles about the "General Data Protection Regulation" (GDPR) that is coming into effect May 25 2018.

http://ec.europa.eu/justice/smedataprotect/index_en.htm

The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union.

It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business.


Frequently Asked Questions

What is GDPR?
This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

How do Businesses benefit from GDPR?
  • Build stronger customer relationships and trust
  • Improve the brand image of the organization and its brand reputation
  • Improve the governance and responsibility of data
  • Enhance the security and commitment to the privacy of the brand
  • Create value-added competitive advantages

Who does the GDPR affect?
The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process EU residents’ personal data, even if they’re not EU citizens.

The GDPR applies to all organisations located within the EU, whether you are a commercial business, charity, public authority or institution, and collect, store or process EU citizen data. It also applies to any organisation located outside of the EU if they also collect, store or process EU citizen data.

What is considered personal data?
The GDPR defines personal data as any information or type of data that can directly or indirectly identify a natural person’s identity. This can include information such as Name, Address, Email, Photos, System Data, IP addresses, Location data, Phone numbers, and Cookies.

For other special categories of personal data, there are more strict regulations for categories such as Race, Religion, Political Views, Sexual Orientation, Health Information, Biometric and Genetic data.

What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

There is a tiered approach to the fines whereby a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and Data User about a security breach or for investigating and assessing the breach.



Additional Readings:
Here's a nice write-up from a great software company whose products you might even have used before,
Acronis:
https://www.acronis.com/en-us/articles/gdpr/

From Wikipedia:
https://en.wikipedia.org/wiki/General_D ... Regulation

Here are some posts from the phpBB community:
https://www.phpbb.com/community/viewtop ... #p14894671 and: https://www.phpbb.com/community/viewtop ... &t=2419821

Feel free to discuss it below: your understanding, concerns, what you think about this matter and how it might affect your forums.
#26669 by Bez
April 18th, 2018, 7:06 pm
Well my question is does it actually apply to someone like me?

I basically run a gaming forum and on it everyone has a username instead of a real name (just like most forums) and apart from the email address that is it. (Yes, I know I can get the IP address as well :evil: )

So I would like to think that this should not apply to forums like mine, or am I wrong? :-o
#26672 by XwXCatwomanXwX
April 19th, 2018, 4:23 am
Thank you for bringing up this topic!
I know that the current privacy policy that comes with the phpBB site is not sufficient to cover the GDPR regulations because my site is so customized.

I am actually working with an attorney on writing a custom policy for my phpBB site. For example, the fact that people can create an account using the OneAll social sign-in means it needs to be clear to EU members how that data is used. Also, like when BBMarket Goods is created, there will need to be a privacy policy explaining how your data is used. I don't outwardly market to people in Europe, but I welcome all people, so I'd rather be safe than sorry.

Is anyone else here working on updating their privacy policy section?
#26675 by WelshPaul
April 19th, 2018, 6:32 am
It's not as simple as just updating your privacy policy though.

I've done everything I can, all I need to do now is implement the option of downloading a user's personal data via CSV file.
#26677 by XwXCatwomanXwX
April 19th, 2018, 5:04 pm
@PhilDicuss- Read the links and/or watch the video and you will know. 8-)
@WelshPaul- You are correct. Updating the privacy policy is not the only thing. There also needs to be a pop-up prompting that the site has cookies and actionable prompts to disable tracking. Also, how people can have their info deleted from the forum if they no longer want their info to be on the site.

The CSV exporter you are working on, is it only so that users can download their info or will they also be able to download their posts?
#26685 by ThemeSplat
April 20th, 2018, 7:12 pm
Added some more info on the first post.
#26687 by Leinad4Mind
April 20th, 2018, 11:19 pm
Great! This topic is useful for sure.
