
#1 gdpr and fora

Posted: Mon Jun 11, 2018 11:25 am
by ed
I was recently asked a question which caused much head scratching...

From some background on the internet it seems that if a poster can be identified directly or indirectly through a history of posts then it may fall in the jurisdiction of the GDPR. If so, if a poster wishes to leave a forum then all content and data relating to that poster may need expunging...

I hope I've misunderstood this...

These are strange times we live in.

#2 Re: gdpr and fora

Posted: Mon Jun 11, 2018 12:54 pm
by Nick
The right to deletion is not as simple as that; there are a number of reasons why information may be retained, and some of those may well be applicable to forums.

#3 Re: gdpr and fora

Posted: Mon Jun 11, 2018 10:47 pm
by jack
Indeed, it's extremely complex and far from clear.

There are many self-proclaimed experts who don't really have a clue and who are generally wrong. The regulations are subtle and full of detail.

The UK Information Commissioner's Office has a great document highlighting the key aspects of GDPR and how they might apply to you, together with action checklists.

The main guide is at:
https://ico.org.uk/for-organisations/gu ... tion-gdpr/ (downloadable as a PDF)

A self-assessment is at:
https://ico.org.uk/for-organisations/re ... ssessment/

#4 Re: gdpr and fora

Posted: Tue Jun 12, 2018 3:12 am
by jack
I should point out that information you publish in a forum about yourself, or derived from information you publish, is almost certainly not in scope.

The essence of GDPR's personal data requirements is to do with privacy surrounding PII collected by businesses as part of their commercial activities, and how that data is handled. If you make your PII public, even in a closed forum, it's your problem, not the owner of the forum's. There are many subtleties here and I'm not a lawyer, but I have recently spent a lot of time with lawyers over our own GDPR status, so it's an area I'm close to.

My opinion is worth exactly what you have just paid for it :)

#5 Re: gdpr and fora

Posted: Tue Jun 12, 2018 8:46 am
by Nick
Yep, a good example is if you are in the crowd at a public event and someone takes a picture with you in it, then you have no control over that image of yourself.
jack wrote: Indeed, it's extremely complex and far from clear.
Yep, but I agree that the docs on the ICO website are the best source of clarity; avoid anyone trying to sell you consultancy on the subject.

Compared to PCIDSS, GDPR is a gem of clarity.

#6 Re: gdpr and fora

Posted: Tue Jun 12, 2018 9:34 am
by ed
jack wrote: Tue Jun 12, 2018 3:12 am The essence of GDPR's personal data requirements is to do with privacy surrounding PII collected by businesses as part of their commercial activities, and how that data is handled.
I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....

Wish I hadn't mentioned it now... what a minefield.

#7 Re: gdpr and fora

Posted: Tue Jun 12, 2018 9:37 am
by ed
jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.

#8 Re: gdpr and fora

Posted: Tue Jun 12, 2018 10:04 am
by Nick
ed wrote: I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....
Yep, though that doesn't alter what Jack said. The ICO is the best and least excited source of info.

#9 Re: gdpr and fora

Posted: Tue Jun 12, 2018 10:06 am
by Nick
ed wrote: Tue Jun 12, 2018 9:37 am
jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and mother's maiden name and I will refund it all to you.

#10 Re: gdpr and fora

Posted: Tue Jun 12, 2018 11:30 am
by jack
Nick wrote: Tue Jun 12, 2018 10:06 am
ed wrote: Tue Jun 12, 2018 9:37 am
jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and mother's maiden name and I will refund it all to you.
Well, that certainly counts as PII, so I'm reporting you to the ICO... 8)