Re: Is this forum prepared for the GDPR?
- Posted by jimcbrown (admin) Apr 30, 2018
- 2309 views
Is there a need to store any personal data on this website? I think not.
We can get away with forgetting about IP addresses after a period of time.
We need to retain pseudonyms (the usernames used to identify on the forum) and that's personal data under the GDPR.
But, no need to keep the email address.
We need to retain email addresses. This is the only way we can verify that it's the same user if that user forgets both the password and the secret answer.
If we insist on a real email then we increase the work the troll needs by a small amount.
Trolls are a different problem.
If we erase all personal data today then we should be prepared for GDPR.
That would be nice and easy. But it's not possible.
Be careful here though. From what I understand, GDPR requires an explicit opt-in before email messages can be sent.
I think we're fine here. The current process requires the end-user to initiate all emails to us, to which we reply. We no longer send unsolicited emails to perform verification of email addresses.
But equally (and figure this one out), non-acceptance of terms and conditions, and non-storage of data should not be a bar to registering with a company. That's going to be fun with patient records.
No, there's an alternative basis for hospitals et al. in this case.
Many people mistakenly think that organisations must get consent to process personal data, but consent is one of six lawful grounds for processing data,
The other lawful grounds are:
A public task: for example, to complete official functions or tasks in the public interest. This will typically cover public authorities such as government departments, schools and other educational institutions; hospitals; and the police.
The EU has just created a multi-billion euro business, out of nothing. Best business plan ever.
Kinda like the US did with imposing FACTA on European banks; drumming up business for tax lawyers worldwide.