  • #18989
    RSB
    Keymaster
      @bdthree
      Forumite Points: 5,183

      You will have noticed the new bar this aft. With all the news about the new GDPR rules coming in I think it’s about time I start getting this sorted even though there are not many of us. I cannot afford fines if they come for me. I also cannot afford the costs of getting people in to make sure everything is legal and legit so the two options left are wing it the best I can and what I can before May or just shut the site down. I’ll opt for the first :). Still, I have never been 100% with the laws and this new regulation coming in will take some research and I will do bits and bobs as I can before the deadline. So expect some news on this front. The obvious rule that stands out in this lot is the option for members to delete their account and everything related to it, which has always been there. The site collects very little info and the donate button is a PayPal issue, not mine “Sort Of”.

      Still, I will do it in parts as it hurts my head.

      P.S. If anyone wants to help with this, PM me.

      Americans: Over Sexed, Over Payed and Over here, Wat Wat!

      #18994
      Ed P
      Participant
        @edps
        Forumite Points: 39

        Lee, you may want to check out the GDPR Forum. This looks to be a friendly place to get advice on a non-marketing forum.

        #18995
        RSB
        Keymaster
          @bdthree
          Forumite Points: 5,183

          Thanks, I will do.

          Americans: Over Sexed, Over Payed and Over here, Wat Wat!

          #19013
          Dave Rice
          Participant
            @ricedg
            Forumite Points: 7

            I’ve been doing some research for the small businesses I look after. I’ve attended webinars from people like BitDefender, Hikvision and Synology. It’s nothing to panic about and all common sense. There’s a lot of scaremongering about too. I’m sure you’re doing all of the techie things already, the bit that’s usually missing is formal documentation of your procedures (this basically shows you’ve thought about it and done something about it).

            Get permissions (T & Cs) for what you want to do and only do that. Only collect the information that you need to do that.

            Keep people’s data safe by doing all you can to protect it from the bad guys, that means keeping security patches up to date, firewalls and AV. It also means user IDs and passwords at your end as well as ours. For backups to places like my server or Dropbox etc. encrypt them and password protect them.

            Formally ask me what my procedures are for compliance on my server that you’re storing the encrypted backups on. If any data breach could be traced to me you’d be covered, but then as it’s encrypted and password protected then even if someone got at the backups there’s sod all they could do with it anyway.

            Having PayPal deal with the financial transactions is a huge tick. If you can’t trust them to do all of the above then who could you trust? And you won’t be holding any sensitive data yourself.

            From the Forumite side I’d say you have very little to be worried about hosting a community forum where the only transactions are from people volunteering donations via PayPal.

            #19016
            RSB
            Keymaster
              @bdthree
              Forumite Points: 5,183

              Cheers Dave. I actually have the page ready. Cookie Policy, Privacy Policy & Terms and Conditions although I need to keep going through them to make changes. I just need these in the footer now plus while I am rebuilding the registration form I need an accept button.

              Americans: Over Sexed, Over Payed and Over here, Wat Wat!

              #19022
              Ed P
              Participant
                @edps
                Forumite Points: 39

                Don’t forget to get it out soon Lee. It is a lot easier (according to the GDPR Forum) to do it before the implementation date.

                #19024
                Dave Rice
                Participant
                  @ricedg
                  Forumite Points: 7

                  If it’s technically possible I would consider forcing a one-off permission seeking event for everyone the first time they visit after you’ve implemented.

                  #19026
                  RSB
                  Keymaster
                    @bdthree
                    Forumite Points: 5,183

                    @edps @ricedg I have about a month left so I will be putting some changes in. These might be a minor annoyance but it will have to be done. I don’t share anything with third party services and social share buttons do not share user info, or they should not anyhow, that is within the site but I will be going through everything. Google Analytics which I use will need to be looked at but a lot of stuff I have cut out in the past just to improve performance so there is little to do now.

                    Americans: Over Sexed, Over Payed and Over here, Wat Wat!

                    #19030
                    Dave Rice
                    Participant
                      @ricedg
                      Forumite Points: 7

                      This is an easier one, GDPR (and its predecessors which you should already be compliant with) are only interested in personally identifiable information i.e. it can be tied back to a person.

                      I seriously doubt you will be sending GA anything like that, but there’s a very good guide here

                      #19044
                      RSB
                      Keymaster
                        @bdthree
                        Forumite Points: 5,183

                        Cheers Dave. Having looked at the things linked to I do not see any problems apart from a bit of housework I should have done already but that will not take long.

                        Americans: Over Sexed, Over Payed and Over here, Wat Wat!
