Author Topic: The EU General Data Protection Regulation (GDPR) - Help needed  (Read 1082 times)

Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
The EU General Data Protection Regulation (GDPR) comes into effect very soon and we need help.

Are there any members who have any knowledge about how this affects the forum?
Is there anything that has do be done to make the forum compliant?

There are many other questions that need asking but as I know very little about this legislation at the moment I don't know what these questions are.

What I do know is that as the webmaster I am personally liable and any infringement of the legislation means I could be prosecuted and the fines can be very high for business, it is unclear what the penalties are for non profit making organisations.

If I don't feel comfortable continuing the forum under this regulation I may have to close it.

So please anybody know how we stand, have any ideas or suggestions?


Alan
« Last Edit: May 12, 2018, 04:54:17 PM by Alan - The Webmaster »
Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

Roy

  • Full Member
  • ***
  • Offline Offline
  • Posts: 146
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #1 on: May 12, 2018, 06:04:57 PM »
My understanding is that the GDPR applies only to organisations providing goods and services. In the last few weeks I have received 30+ emails from Google, banks, supermarkets, gas and electricity companies etc informing me as required by GDPR about the data they hold about me and my rights to "disappear" online if I wish.

Is Vera Playa Forum hosted in the UK? If so I suggest you contact the UK Information Commissioner's Office  for free advice on the GDPR (unlike the many firms that advertise to help you for a fee).
« Last Edit: May 12, 2018, 06:09:02 PM by Roy »

Phil B-C

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 438
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #2 on: May 12, 2018, 07:51:14 PM »
It figures that the organisation(s) with a history of being one of the least adept at protecting personal information should make laws based on a "do as I say, not as I do" basis as they prefer it that they (and only they) should hold as much information on each and every one of us as is digitally possible under the guise of protecting ourselves from ourselves !

Regrettably, (with the exception of the many "experts" sensing a handsome profit who have come out of the woodwork with various length courses to explain the Gobbledegook that is GDPR), forums such as Vera Playa Friends (with whom 99% of the members use fake names so no one can be traced anyway) must suffer as a result !

Eric Arthur Blair might have been 34 years out, but no one can deny he saw it all coming !
« Last Edit: May 12, 2018, 08:12:26 PM by Phil B-C »

andreas

  • Guest
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #3 on: May 12, 2018, 09:23:49 PM »
If I don't feel comfortable continuing the forum under this regulation I may have to close it.

So please anybody know how we stand, have any ideas or suggestions.

Don't worry, Alan, there's no real problem, although the whole GDPR fiasco has been presented as being much more difficult than it actually is.  I've been involved in sorting out our local Parish Council's compliance with GDPR, and I reckon all you actually need to do is add a Data Protection Policy statement and a Privacy Notice.  It's quick and easy.  If I may, I'll PM you with links to my Council's wording, which you could use as a basis.

Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #4 on: May 13, 2018, 02:05:33 PM »
I too run my village website which carries all of the Parish Council material, that is what alerted to to the GDPR
Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #5 on: May 15, 2018, 06:25:27 PM »
I took a look at the UK Information Commissioner's Office website. Conclusion - too much information, I don't have the time or inclination to plough through acres of irrelevant information or even learn about a subject that quite frankly bores me to death.


I need simple answers to simple questions
1. Does the forum not being a business have to comply?
2. If yes to 1, Can the forum comply without doing anything?
3. If no to 2, what has to be done?


Andreas has kindly given me access to the documents used by his Parish Council, I've had a read these and to comply to them would take some considerable work on my behalf. It is not just a simple case of putting notices on the site.


If I don't get suitable answers to the questions the forum will close on 25th May 2018


Alan
Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

Roy

  • Full Member
  • ***
  • Offline Offline
  • Posts: 146
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #6 on: May 15, 2018, 07:42:30 PM »
Hi Alan

I used to be a senior UK civil servant so was used to both creating and working with legislation.

In my research on GDPR I came across the following simple explanation of who it applies to:

"To fall within the remit of the GDPR, the processing [of data] has to be part of an “enterprise”. Article 4(18) of the Regulation defines this as any legal entity that’s engaged in economic activity. You must be careful not to mistake business conducted from home for household activity"

So is the Vera Playa website and Forum a legal entity and does it engage in economic activity (make money, buy and sell, create wealth?) I guess not but only you know the answer.  If the answer is no, then GDPR does not apply.

Roy
« Last Edit: May 15, 2018, 07:44:43 PM by Roy »

andreas

  • Guest
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #7 on: May 15, 2018, 07:56:31 PM »
I took a look at the UK Information Commissioner's Office website. Conclusion - too much information, I don't have the time or inclination to plough through acres of irrelevant information or even learn about a subject that quite frankly bores me to death.


I need simple answers to simple questions
1. Does the forum not being a business have to comply?
2. If yes to 1, Can the forum comply without doing anything?
3. If no to 2, what has to be done?


Andreas has kindly given me access to the documents used by his Parish Council, I've had a read these and to comply to them would take some considerable work on my behalf. It is not just a simple case of putting notices on the site.


If I don't get suitable answers to the questions the forum will close on 25th May 2018


Alan

Roy's response makes things easier for you.

The forum is hosted in Nottingham by Heart Internet, and so they are responsible for safeguarding the data on their servers.  I imagine that by now they may have issued their own GDPR compliance statement - if not, a quick phone call or email should reassure you that they're GDPR compliant.

If you don't sell our email addresses to anyone, or copy people's photographs elsewhere, I can't see that you'd have any problems.

If you don't want to be bothered editing the documents I've already shared with you, why not simply add a Privacy Policy notice to the forum, saying something like:-

"The Vera Playa Friends website respects your privacy and we know how important it is to you.

We will keep your email address and other information confidential unless you have given permission for information to be shown.
 
We will never share your information with third parties.

We use cookies only to keep you logged in and up to date, not for advertising reasons.

Our website is hosted in Nottingham UK on secure servers which fully comply with GDPR requirements."


Just adding this would be quick and easy.  The reality is that the website collects minimal information on members, so it's quite unlike most commercial websites which collect payment details, addresses, etc.  I can't see that you have any worries.


Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #8 on: May 16, 2018, 09:07:31 PM »
OK so I've been talking to other people away from this forum and also done a bit of reading and have found that the GDPR does not only apply to businesses. Any organisation that stores and/or processes personal data most comply to the regulation.

The forum only stores a little information, like members email address and IP address they use, if they have entered any personal details in the profile that is also stored.

So we must comply and that in turns means more than just publishing a new Privacy Policy Statement. We must be prepared to take action on request of any member in relation to their data.
Examples:
1. "The right to be forgotten" means that a member can ask for their data to be removed. Now does that just mean - delete their account or all date associated data, the latter would require deleting all of the posts that they have made, that in turn would make any threads that those posts came from incomplete. Also deleting many posts is not a quick task.
2. A member can request that they be supplied in a portable format all of their data, how I would do that I have no idea.

There are other areas that bother me but I'm not an expert on the GDPR and therein lies the problem


Alan
Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

the sandeys

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 24
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #9 on: May 17, 2018, 05:36:06 PM »
Hi,

I have shown your post and the website today to a couple of IT people I play golf with who have been heavily involved in this for their companies. They are both of the opinion that as it is a website who people apply to be become members of and it is basically an exchange of information, opinions etc, there is not too much to worry about, they both believe putting the privacy statement as mentioned in an earlier post would be sufficient. They also added as there is no commercial purpose to the website and guests viewing the site cannot post any messages or access any members details all should be ok.   
They did comment that if a member did leave they can ask for their email address etc to be deleted. If they ask for any posts to be deleted you could just blank them out without losing the remainder of comments on the subject and the member would have to specify which posts they wanted removed. I guess this will cause some work but is it ever likely to happen ?

It would be such a shame if this website closes and we hope it will long continue.  Both said if you post any other areas that are of concern to you they will endeavour to give me answers.


Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #10 on: May 18, 2018, 06:03:41 PM »
Hello the sandeys,


Thanks for discussing with your friends. Along with other information gathered from other sources I will give it all some serious thought over the weekend.


One of the problems is that I don't know the details of the GDPR so I don't know what other concerns or problems there may be.


Alan

Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

Roy

  • Full Member
  • ***
  • Offline Offline
  • Posts: 146
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #11 on: May 18, 2018, 07:26:27 PM »
Alan

I appreciate that as VPF Webmaster you are concerned about non-compliance with the GDPR and risk of prosecution and being fined. But no one is going to be prosecuted without first getting a warning and advice from the authorities and the opportunity to remedy non-compliance.

The authorities will initially have large companies in their sights and deal with any non-compliance by them first.  VPF, irrespective of how much members value it, will be a very long way down the"food chain'' and no one from the authorities will come knocking on your door for a long time, if ever.

As I said in my earlier post I am not certain that GDPR even applies to VPF. The enforcement authorities, who don't have unlimited resources, will for that reason start by addressing clear breaches of GDPR by larger/high public profile companies.

If you put in place a Privacy Policy that will send the right signals about VPF caring about its members' data.. Remember that VPF is one of tens, if not hundreds, of thousands of organisations in the UK that may be subject to GDPR compliance. Over the next few years legal cases will be brought to test and establish what GDPR means in practice. VPF will not be one of the test cases.

Regards, Roy

Alan - The Webmaster

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 471
    • Skype
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #12 on: May 21, 2018, 05:12:31 PM »
Thanks to Roy, Andreas, the sandeys and Phil for the feedback an help.

Also many thanks to John of Naturist-corner.net for his invaluable help.

After a lot of reading I have added a Privacy and Data Security Policy to the website and it can be found in the main website menu.

Acknowledgement must go to John, our policy is based on that generated by him and the staff at Naturist-corner.net as this was the closest fit to us that a I could find.


Alan
« Last Edit: May 21, 2018, 06:38:51 PM by Alan - The Webmaster »
Webmaster www.veraplayafriends.com and www.veraplayafriends.com/forum
Loves holidaying in Vera Playa

andreas

  • Guest
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #13 on: May 21, 2018, 06:21:33 PM »
Well done, Alan.  You can sleep soundly now!

Roy

  • Full Member
  • ***
  • Offline Offline
  • Posts: 146
Re: The EU General Data Protection Regulation (GDPR) - Help needed
« Reply #14 on: May 22, 2018, 08:38:17 AM »
Thank you Alan for the time and effort you have put into doing what was necessary.

I will now resume working with Phil on updating the maps.