Jump to content

GDPR
   (1 review)

Morrigan
  • This guide will work on explaining what GDPR is and how to comply with it's rules and regulations. As GDPR grows we will work on making changes so that it is always up to date.

     

    Type: Member/Forum Management

GDPR! A big and scary thing that has been circling and came to pass May 25th. It sounds a lot scarier than it is because of all the fines and scary talk about it and just because you are on a free host doesn't shield you from having to comply to it. This technically only applies to users in the EU however, there has already been chatter about bringing something similar to the US so it's better to be prepared then not (plus who wouldn't want to make a GDPR cake and eat it too?).

 

So what is GDPR?

It is called the "General Data Protection Regulations" and you can find out more about it here. What it does, basically, is puts in place requirements in order for users to have their privacy protected from sites that hold it. It gives users more rights in what could/should be held by an internet company, right down to the cookies. So what does that mean? Lets continue:

 

What are the rights that GDPR provides?

The right to be informed - This means that when you place a cookie on a users computer then you need to tell them that you are, including what the cookies are for. For example, when you visit the Initiative (while logged out) you will get this nifty bar:

image.png

This bar links to all of the important things including our Privacy Policy (which is the important one here). When you go to this page you can see that we do set cookies on your computer but nothing that we set can identify you with. However, if you want to know exactly what we set you can visit our cookies page. With these two things you are compliant with the right to be informed. For free hosts, like Jcink, that should be setup by Jcink however if it's not we are happy to help you figure out a good way to do this.

 

For this one, it includes things can't be auto checked (like Terms of Service or email signups on the registration page).

 

The right to data portability - What this is, is the ability to take your information from the Initiative and take it to another site. This doesn't include posts or submitted content. Just your personal private data. The way it's explained is that it must be in a format that is importable elsewhere (like an XML file) and this is less likely to apply to roleplay users. The example that the site uses is someone getting their patient records from one doctor's office and being able to transfer it to another doctor's office. Since roleplays, in general, are not the same across the board this will only apply to their IP addresses and user account data (email, display name etc).

 

For here at the Initiative we do allow you to request your personal information. You can do that in the Staff's Eyes Only and we provide the following:

image.png

 

The last one and the big one for roleplays is:

The right to be forgotten - This one has caused a lot of controversy because there is a debate about "what can and cannot" identify a person. The direct link here explains what GDPR believes is personal data (however these are the examples, not every possibility. I like to use myself as the example since the direct information on this is that to be "fully" removed no one can know who you are, literally fully forgotten. If someone can put it together and find the person then it is considered personal and should be removed. So, for me, if anyone can figure out my username from my posts then it means that I'm not forgotten. This can also be applied to unique character names and profiles, for example. The safest bet, even though it may ruin some stories, is to not only delete the accounts/profiles but the posts.

 

Only do this for a GDPR specific request, as not every request for deletion will be for GDPR reasons. Another important thing to note is that when you delete a user on a site like "Jcink" it just changes the username to Guest_Username you will need to fully remove the _Username part to make it fully compliant.

 

So the wrap up on GDPR!

It's not as scary as people think but it is important to make sure that you comply with it to make sure that something bad doesn't happen because of some vindictive member. Terms of Services do not protect you from this, just because it says everything you post is forever yours doesn't mean its forever yours if it conflicts with the above. We are working on software specific guides to help you with compliance (like how to remove the auto-check for "receive emails" in MyBB. We are also looking into suggested plugins to install so that you have less to worry about as the plugin should do all or most of the work.

 

If you have questions or concerns about GDPR, feel free to reply here and the staff will do what they can to assist. We are not lawyers so if you're super worried about it then we recommend talking to an actual lawyer.

 

Edited by Morrigan


  • Love 2



User Feedback


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use, Guidelines and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.