Is this forum prepared for the GDPR?
- Posted by ABC Apr 28, 2018
- 2548 views
At jimcbrown's request, I've returned to the forum to discuss the effect of the GDPR on this forum.
For those who aren't familiar, the GDPR is a new regulation in the European Union that takes effect this May. It encompasses a wide ranging set of new rules on how personally identifying information is to be used. I imagine that this forum, which is open to the entire world, has at least a few users in the European Union. This means that the GDPR applies to us.
Yes, even if we're mostly Americans and the forum is hosted in America, the rules still apply.
Right now, we are collecting personally identifiable information and displaying it publicly. A person's name and location are optional, but if provided they are shared.
We also collect email addresses, which are required to sign up. Even though these aren't displayed publicly, policies to discuss how this data is retained and used are needed; as well as how this information can be deleted.
There might be other personally identifying information being collected (such as ip adddresses) and policies need to include that as well.
Also, the GDPR requires that we appoint a privacy officer. We need to start figuring out what needs to get done, and then do it.
Discuss.
