The Official Community Support Forum 

  • General Data Protection Regulation (GDPR) and phpBB

  • News, Announcements, Feedback, Improvements, Changes and Policies.
 #26668  by ThemeSplat
 April 18th, 2018, 6:27 pm
By now you might have heard or stumbled across articles about the “General Data Protection Regulation” (GDPR) that is coming into effect May 25 2018.


The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union.

It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business.

Frequently Asked Questions

What is GDPR?
This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

How do Businesses benefit from GDPR?
  • Build stronger customer relationships and trust

  • Improve the brand image of the organization and its brand reputation

  • Improve the governance and responsibility of data

  • Enhance the security and commitment to the privacy of the brand

  • Create value-added competitive advantages

Who does the GDPR affect?
The GDPR applies to all EU organisations – whether commercial business, charity or public authority – that collect, store or process EU residents’ personal data, even if they’re not EU citizens.

The GDPR applies to all organisations located within the EU, whether you are a commercial business, charity or public authority, institution and collect, store or process EU citizen data. It also applies to any organisation located outside of the EU if they also collect, store or process EU citizen data.

What is considered personal data?
The GDPR defines personal data as any information or type of data that can directly or indirectly identify a natural person’s identity. This can include information such as Name, Address, Email, Photos, System Data, IP addresses, Location data, Phone numbers, and Cookies.

For other special categories of personal data, there are more strict regulations for categories such as Race, Religion, Political Views, Sexual Orientation, Health Information, Biometric and Genetic data.

What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

There is a tiered approach to the fines whereby a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and Data User about a security breach or for investigating and assessing the breach.

Make your phpBB forum GDPR compliant:
Use BBgdpr: marketplace.php?mode=view&item_id=69

Additional Readings:
Here’s a nice write up from a great software company you might even have used its products before,

From Wikipedia: ... Regulation

Here are some posts from the phpBB community: ... #p14894671 and: ... &t=2419821

Feel free to discuss it below: your understanding, concerns, what you think about this matter and how it might affect your forums.
 #26669  by Bez
 April 18th, 2018, 7:06 pm
Well, my question is: does it actually apply to someone like me?

I basically run a gaming forum and on it everyone has a username instead of a real name (just like most forums) and apart from the email address that is it. (Yes, I know I can get the IP address as well :evil: )

So I would like to think that this should not apply to forums like mine, or am I wrong? :-o
 #26672  by XwXCatwomanXwX
 April 19th, 2018, 4:23 am
Thank you for bringing up this topic!
I know that the current privacy policy that comes with the phpBB site is not sufficient to cover the GDPR regulations because my site is so customized.

I am actually working with an attorney on writing a custom policy for my phpBB site. For example, the fact that people can create an account using the OneAll social sign-in needs to be clear to EU members, including how that data is used. Also, when BBMarket Goods is created, there will need to be a privacy policy explaining how your data is used. I don’t outwardly market to people in Europe but I welcome all people, so I’d rather be safe than sorry.

Is anyone else here working on updating their privacy policy section?
 #26677  by XwXCatwomanXwX
 April 19th, 2018, 5:04 pm
@PhilDicuss- Read the links and/or watch the video and you will know. 8-)
@WelshPaul- You are correct. Updating the privacy policy is not the only thing. There also needs to be a pop-up notifying that the site has cookies, and actionable prompts to disable tracking. Also, how people can have their info deleted from the forum if they no longer want their info to be on the site.

The CSV exporter you are working on, is it only so that users can download their info or will they also be able to download their posts?
 #26687  by Leinad4Mind
 April 20th, 2018, 11:19 pm
Great! This topic is useful for sure.
 #26801  by ThemeSplat
 April 26th, 2018, 3:31 pm
XwXCatwomanXwX » 23 Apr 2018, 01:38 wrote:

Will SiteSplat be making any changes to the site in order to be GDPR compliant?

Yes. Also, the “BBgdpr” ext is coming for all you guys, aiming to get your forums GDPR and Cookie Law compliant, so the admins can once again focus on their forums rather than a bunch of legalese and unknown wrong procedures.
 #26851  by ThemeSplat
 May 2nd, 2018, 4:03 pm
Almost ready. I’m working out the cookie law code so it’s actually a proper opt-in/out that respects user choice.
None of the extensions around do this. Not even sure why they bothered with such extensions when they do not provide the intended regulations.

Here’s a sneak peek of the UCP:

Plus many other options around, like ACP custom policy page, user acceptance logs, stats etc.
Should be out and ready in about a week from now.
 #26984  by pingoo62
 May 13th, 2018, 9:58 pm

How do you ensure this BBgdpr will apply only to EU citizens?
Can the delete account function, instead of directly deleting all the posts, optionally just show a custom message? It would for example say “please send an email to … from the email linked to your account and attach a proof (ID, passport scan) proving that you are an EU citizen”.
Even with a “proof”, how can you link a passport scan with an account? It’s easy to find a passport scan on the internet. It seems not easy to ensure the person asking for deletion is an EU citizen and is who they claim to be.
I don’t want to give a function that deletes all the posts of an account without being sure the user has the right to, or the function will be abused.
Any thoughts?

Best regards,