
General Data Protection Regulation (GDPR) and phpBB

Posted: April 18th, 2018, 6:27 pm
by ThemeSplat
By now you might have heard or stumbled across articles about the "General Data Protection Regulation" (GDPR) that is coming into effect May 25 2018.

http://ec.europa.eu/justice/smedataprotect/index_en.htm

The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union.

It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business.


Frequently Asked Questions

What is GDPR?
This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

How do Businesses benefit from GDPR?
  • Build stronger customer relationships and trust
  • Improve the brand image of the organization and its brand reputation
  • Improve the governance and responsibility of data
  • Enhance the security and commitment to the privacy of the brand
  • Create value-added competitive advantages

Who does the GDPR affect?
The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process EU residents’ personal data, even if they’re not EU citizens.

The GDPR applies to all organisations located within the EU, whether you are a commercial business, charity or public authority, institution and collect, store or process EU citizen data. It also applies to any organisation located outside of the EU if they also collect, store or process EU citizen data.

What is considered personal data?
The GDPR defines personal data as any information or type of data that can directly or indirectly identify a natural person’s identity. This can include information such as Name, Address, Email, Photos, System Data, IP addresses, Location data, Phone numbers, and Cookies.

For other special categories of personal data, there are more strict regulations for categories such as Race, Religion, Political Views, Sexual Orientation, Health Information, Biometric and Genetic data.

What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

There is a tiered approach to the fines whereby a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and Data User about a security breach or for investigating and assessing the breach.

Make your phpBB forum GDPR compliant:
Use BBgdpr: marketplace.php?mode=view&item_id=69

Additional Readings:
Here's a nice write-up from a great software company whose products you might even have used before,
Acronis:
https://www.acronis.com/en-us/articles/gdpr/

From Wikipedia:
https://en.wikipedia.org/wiki/General_D ... Regulation

Here are some posts from the phpBB community:
https://www.phpbb.com/community/viewtop ... #p14894671 and: https://www.phpbb.com/community/viewtop ... &t=2419821

Feel free to discuss it below: your understanding, concerns, what you think about this matter and how it might affect your forums.

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: April 18th, 2018, 7:06 pm
by Bez
Well, my question is: does it actually apply to someone like me?

I basically run a gaming forum and on it everyone has a username instead of a real name (just like most forums) and apart from the email address that is it. (Yes, I know I can get the IP address as well :evil: )

So I would like to think that this should not apply to forums like mine, or am I wrong? :-o

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: April 19th, 2018, 4:23 am
by XwXCatwomanXwX
Thank you for bringing up this topic!
I know that the current privacy policy that comes with the phpBB site is not sufficient to cover the GDPR regulations because my site is so customized.

I am actually working with an attorney to work on writing a custom policy for my phpBB site. For example, the fact that people can create an account using the OneAll social sign in needs to be clear to EU members how that data is used. Also, like when BBMarket Goods is created, there will need to be a privacy policy explaining how your data is used. I don't outwardly market to people in Europe but I welcome all people so I'd rather be safe than sorry.

Is anyone else here working on updating their privacy policy section?

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: April 26th, 2018, 3:31 pm
by ThemeSplat
XwXCatwomanXwX » 23 Apr 2018, 01:38 wrote:

Will SiteSplat be making any changes to the site in order to be GDPR compliant?

Yes. Also "BBgdpr" ext is coming for you all guys. Aiming to get your forums GDPR and Cookie Law compliant. So the admins can once again focus on their forums rather than a bunch of legalese and unknown wrong procedures.

General Data Protection Regulation (GDPR) and phpBB

Posted: May 2nd, 2018, 4:39 pm
by sebeichholz
That's really great!
It looks as if you will rescue my board :-)

General Data Protection Regulation (GDPR) and phpBB

Posted: May 13th, 2018, 9:58 pm
by pingoo62
Hi,

How do you ensure this BBgdpr will apply only to EU citizens?
Can the delete account function, instead of directly deleting all the posts, optionally just show a custom message? It would for example say “please send an email to ... from the email link to your account and attach a proof (id, passport scan) proving that you are an EU citizen”.
Even with a “proof”, how can you link a passport scan with an account? It's easy to find a passport scan on the internet. It seems not easy to ensure the person claiming deletion is an EU citizen and is who they claim to be.
I don’t want to give a function that deletes all the posts of an account without being sure the user has the right to, or the function will be abused.
Any thoughts?

Best regards,

General Data Protection Regulation (GDPR) and phpBB

Posted: June 5th, 2019, 7:38 pm
by El_Lagarto
NEW extensions in the Marketplace (including GDPR policy that started this thread)!

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: December 10th, 2019, 5:15 am
by ThemeSplat
Make your phpBB forum GDPR compliant:
Use BBgdpr: marketplace.php?mode=view&item_id=69

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: December 10th, 2019, 11:08 am
by WelshPaul
I don't understand why anyone would hold back on purchasing BBGDPR! It's by far the best GDPR extension out there by a mile.

Re: General Data Protection Regulation (GDPR) and phpBB

Posted: December 10th, 2019, 4:53 pm
by Iveco
I am running my board and server in Germany, which has the strongest privacy protection laws in the world. Actually BBGDPR is the only compliant plugin available up to now, that's why I am using it.