guzziriders.org - moto guzzi forum Homepage
Forum Home Forum Home > Introduction > Forum Features and Issues
  New Posts New Posts RSS Feed - GDPR
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

GDPR

 Post Reply Post Reply Page  123>
Author
Message
Webmaster View Drop Down
Admin Group
Admin Group
Avatar

Joined: 13 May 2014
Location: Surrey
Status: Offline
Points: 101
Post Options Post Options   Thanks (0) Thanks(0)   Quote Webmaster Quote  Post ReplyReply Direct Link To This Post Topic: GDPR
    Posted: 24 Apr 2018 at 20:59
General Data Protection Racket (OK, regulations).

Obviously this forum must comply, otherwise I could get fined.

I'm not in a position to pay lots of money for expensive legal advice, so does anyone out there have any knowledge of the subject that they would like to share?

The forum software has been updated to help compliance, now if you look at your forum Member control panel you will see a link to view all the data this forum holds on you.

Given the threat of fines, if I can't be sure of compliance, I would have little alternative but to close the forum down. So please, a bit of sensible help please.
Back to Top
V7Chris View Drop Down
Senior Member
Senior Member


Joined: 13 May 2017
Location: Shropshire
Status: Offline
Points: 986
Post Options Post Options   Thanks (0) Thanks(0)   Quote V7Chris Quote  Post ReplyReply Direct Link To This Post Posted: 24 Apr 2018 at 22:39
I understand your concern Brian but I don't think the regulators are gunning for the forum organisers of this sort. I have not got my head completely around the GDPR myself yet I must admit. I have to verify that training companies comply with the registration requirements under the former Data Protection Act. I usually point them towards the self assessment resources on the information commissioner website at www.ico.org.uk . The ICO have stayed that they will be taking a light touch approach to compliance and will focus on guidance rather than enforcement particularly to begin with. At the end of the day, I am sure you are not trading data or operating for commercial gain so I would think we would be very low on their radar/risk rating. Anyway, as and when I get a better understanding, I will let you know if I think I can help at all. I think the main change is there must be a positive opt in to permitting use/storage/dissemination of personal data as opposed to opt out by exception. Could you set the forum sign up to require authorisation by users for you to hold the information supplied for the purpose of voluntary membership only or if opted out, restrict access to our profile information by other forum members? After all, you don't require much in the way of personal info. 
I will let you know if I glean anything useful from my colleagues or official channels.
Chris
Back to Top
Oldrat View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 May 2014
Location: Harrow
Status: Offline
Points: 1189
Post Options Post Options   Thanks (0) Thanks(0)   Quote Oldrat Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 05:53
I touch on GDPR at work, Public Sector, and do have a little knowledge...(eek!)

We hold personal data about folks, in short it’s info that someone can be identified from. Agree with all the advice above.  I would add the following..

We have a data statement telling folks what we do with their info (especially if it’s passed on to others etc) why we keep their data, what we use it for, how we keep it secure and who/how to contact should they wish to see what we hold and ask to change / remove. 

You could easily tell people that at sign up but up you still need to capture us residents already here. Because of the positive opt in as described by V7 Chris I can’t see any way around the technical need to contact each user somehow, obtaining that opt in consent.

Having gripped the rail myself and been personally investigated by the ICO for something one of my managers did- yep it’s a personal liability as well, my advice is that if you can insert the data statement at sign up and email each resident then that’s brilliant.  BUT

Warning personal opinion here.. 
If getting residents consent is beyond capability for some reason then because of the (excuse me here) “shoe string” / “non profit and benefit the user“ nature of this most splendid forum, you are likely to subject to the light touch as Chris said. Being a non commercial outfit (?) you need to show best efforts to comply - so at a minimum, you should include a positive opt in statement to new bods, and IMHO I reckon you could get away with a big bold post to us existing residents where we can all post our acquiescence.

Unless someone else has a better insight??


1976 "Zagato" Gootsi cafe racer
1980 LM 2, Coburn and Hughes.
2017 BMW R1200 GSA
Back to Top
Jerry atric View Drop Down
Senior Member
Senior Member
Avatar

Joined: 24 Nov 2014
Location: Wiltshire
Status: Offline
Points: 1889
Post Options Post Options   Thanks (0) Thanks(0)   Quote Jerry atric Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 07:02
As a VMCC member, I have just had to sign a paper form agreeing to them holding my details etc. The main thing is that consent has to have a signature. I for one, and I suspect many more, don't think I have the facility or prowess to do this electronically
Back to Top
Oldrat View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 May 2014
Location: Harrow
Status: Offline
Points: 1189
Post Options Post Options   Thanks (0) Thanks(0)   Quote Oldrat Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 07:37
Users must personally agree and not be assumed to opt in as has been the case up until now.  I’m not aware of a signature requirement, it’s all about informed consent. 
1976 "Zagato" Gootsi cafe racer
1980 LM 2, Coburn and Hughes.
2017 BMW R1200 GSA
Back to Top
Andrew_C View Drop Down
Senior Member
Senior Member
Avatar

Joined: 14 May 2014
Location: Hampshire
Status: Offline
Points: 267
Post Options Post Options   Thanks (0) Thanks(0)   Quote Andrew_C Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 07:43
CCan you modify the 'Log In' page to add an 'I explicitly consent to blah data handling' Keep it short with a link to more details if needed. Then force every one to log off and back on to see and accept or otherwise.
Back to Top
Oldrat View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 May 2014
Location: Harrow
Status: Offline
Points: 1189
Post Options Post Options   Thanks (0) Thanks(0)   Quote Oldrat Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 07:49
now that sounds like a plan. Thumbs UpClap
1976 "Zagato" Gootsi cafe racer
1980 LM 2, Coburn and Hughes.
2017 BMW R1200 GSA
Back to Top
Brian UK View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 13 May 2014
Location: Surrey
Status: Offline
Points: 8974
Post Options Post Options   Thanks (0) Thanks(0)   Quote Brian UK Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 08:05
The new software does provide a "just in time" reminder but not certain yet whether that's just for new arrivals or covers all on the log in page.
Of course many wouldn't see it because they tick the box to be remembered by the forum, so don't need to log in.

There seems to be so many interpretations of what is needed.
On the one hand, one forum I know is sending out emails to all telling them they have to "opt in", but others, like FaceAche just have some new conditions for Europe.
I have an account at Garmin for maps, all I got from them was a statement saying they have a legitimate interest in the data I provided. The Waitrose store card tell me I need do nothing but read their new conditions.

Confused? Yes I am a bit.
Brian.

Better 5 minutes late in this world than years early in the next.
Back to Top
red leader one View Drop Down
Senior Member
Senior Member
Avatar

Joined: 07 Oct 2014
Location: Cullercoats
Status: Offline
Points: 3059
Post Options Post Options   Thanks (0) Thanks(0)   Quote red leader one Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 08:30
Good advice already given.

I wouldn't worry.

There's enough brains on here to give whoever a kick in the &ollocks.

Metaphorically speaking of course.
Back to Top
stuv65 View Drop Down
Senior Member
Senior Member


Joined: 29 May 2015
Location: Gloucestershire
Status: Offline
Points: 228
Post Options Post Options   Thanks (0) Thanks(0)   Quote stuv65 Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 12:52
I occasionally join an archaeology dig and the organiser has recently emailed everyone on his mailing list asking them to reply to confirm he can hold their personal details. 

Maybe something as simple as that will do. 

ta
stuart
Back to Top
V7Chris View Drop Down
Senior Member
Senior Member


Joined: 13 May 2017
Location: Shropshire
Status: Offline
Points: 986
Post Options Post Options   Thanks (0) Thanks(0)   Quote V7Chris Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 15:34
The other thing to consider is that we need to provide Brian with permission to share our forum profiles with others (members) or have the option not to consent to this and keep the profile private. IE, data sharing.  I know that the profiles are not sensitive or even accurate but the are still defined as personal data.  THE do we need to have access to others profiles as members?
Chris
Back to Top
Brian UK View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 13 May 2014
Location: Surrey
Status: Offline
Points: 8974
Post Options Post Options   Thanks (0) Thanks(0)   Quote Brian UK Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 17:04
I have already changed the forum spec in that profiles are now private, and can only be viewed by yourself, and the forum admin. So they are no longer public. It seemed the simplest solution.
Forum admin do have a need to see profiles, so I think that remains OK.

No details are ever shared outside the forum either, so that's another box ticked.
Brian.

Better 5 minutes late in this world than years early in the next.
Back to Top
Oldrat View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 May 2014
Location: Harrow
Status: Offline
Points: 1189
Post Options Post Options   Thanks (0) Thanks(0)   Quote Oldrat Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 17:27
Originally posted by Brian UK Brian UK wrote:

The new software does provide a "just in time" reminder but not certain yet whether that's just for new arrivals or covers all on the log in page.
Of course many wouldn't see it because they tick the box to be remembered by the forum, so don't need to log in.

There seems to be so many interpretations of what is needed.
On the one hand, one forum I know is sending out emails to all telling them they have to "opt in", but others, like FaceAche just have some new conditions for Europe.
I have an account at Garmin for maps, all I got from them was a statement saying they have a legitimate interest in the data I provided. The Waitrose store card tell me I need do nothing but read their new conditions.

Confused? Yes I am a bit.


I hope this’ll help make things a little clearer Brian

The key is “informed consent” placing the individual in control of what happens to their personal info.

The Information Commissioner says that it will be wrong if your policy is that unless users contact you to object or opt out, you’ll presume that they agree to your policy.  

That is how most data statements have been up until recently - tiny paragraphs hidden away with confusing tick boxes you have to search for if you want to opt out of the way they do things.

Now the boot is on the other foot, if an organisation wants to have your personal data they must get the individuals express permission, written or digital.  This applies to old existing data as well as new bods signing up.

I hope that helps.



Edited by Oldrat - 25 Apr 2018 at 17:31
1976 "Zagato" Gootsi cafe racer
1980 LM 2, Coburn and Hughes.
2017 BMW R1200 GSA
Back to Top
Brian UK View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 13 May 2014
Location: Surrey
Status: Offline
Points: 8974
Post Options Post Options   Thanks (0) Thanks(0)   Quote Brian UK Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 19:15
Well, yes and no.

We don't "use" members' data as such, and if members want email alerts from this forum they specifically have to request it.

We have 1600 members, am I supposed to email each one, then delete all the accounts of those who don't reply? Not something I can do, so if that was the only option, no more forum.

Brian.

Better 5 minutes late in this world than years early in the next.
Back to Top
Brian UK View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 13 May 2014
Location: Surrey
Status: Offline
Points: 8974
Post Options Post Options   Thanks (0) Thanks(0)   Quote Brian UK Quote  Post ReplyReply Direct Link To This Post Posted: 25 Apr 2018 at 19:26
I can, as I said, include a privacy notice, and this is what I am told about it.
This is shown on the bottom of the Forum Registration form and where Forum Members update their Forum Profile. This is to provide your Members with information on why you require Personal Data from Members and what you do with their Personal Data. This 'Just in Time Notice' is to help with Guide to the General Data Protection Regulation (GDPR) Compliance.

This would suggest that only new members and those changing any details in their profile will see it.
Brian.

Better 5 minutes late in this world than years early in the next.
Back to Top
 Post Reply Post Reply Page  123>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.00
Copyright ©2001-2018 Web Wiz Ltd.

This page was generated in 0.062 seconds.