Templot Club Archive 2007-2020                             

topic: 3248General Data Protection Regulation (GDPR)
author remove search highlighting
 
posted: 24 Mar 2018 17:47

from:

Martin Wynne
 
West Of The Severn - United Kingdom

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
Friends,

The The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. We shall soon be hearing a lot about it.

As far as I can determine it applies only or mainly to commercial web sites, so I'm heaving a sigh of relief that Templot is now free and I'm no longer trading.

However there may still be implications for the Members List here on Templot Club and the information contained in members' Profile pages, and in their old posts.

Please review the contents of your Profile and Preferences pages:

 http://85a.co.uk/forum/my_account.php?edit_profile=1

 http://85a.co.uk/forum/my_account.php?edit_preferences=1

and make any changes you want.

Please note that I switched off the Private Message (PM) functions on Templot Club some time ago, so the settings related to that have no effect.

At present the Templot Club software does not make any provision for members to be omitted from the membership list, or for members to delete their own membership entirely, or to delete their own posts (although they can edit them to empty).

Deleting a membership is a major issue because of the question of what to do with existing posts, especially where the content has been quoted in posts by others.

I need to decide what to do about all this. In the meantime if you want something deleted or removed please email me. My email address is easy to guess, but if not you can find it by clicking on my name on the left.

cheers,

Martin.

posted: 2 May 2018 13:00

from:

Martin Wynne
 
West Of The Severn - United Kingdom

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
As I mentioned, with only 3 weeks to go we are now hearing a lot about the GDPR and getting emails about it from various firms which we have dealt with in the past.

I'm unwilling to spend hours/days combing through the legislation, and it is proving impossible to find definitive information about how or if it will apply to a hobby forum such as Templot Club.

I'm minded therefore, at least in the short term until the muddy waters have cleared a bit, to remove all member access to the membership list, and the individual Profile information which you may have entered. Which is a shame, but I'm wondering how much use anyone actually makes of it in practice?

There is already a specific tickbox to make your email address accessible to other members and therefore allow them to send you emails*, so I will try to keep that function working (replacing the personal message functions which I removed some time ago because of different legislation), as that tickbox would seem to be the specific consent required by GDPR.

*It's not clear whether giving consent to be contacted by other members applies only to those who are members at the time the consent is given, or also applies to any additional members who may join in future. And whether such consent is only meaningful if you can see a membership list of current members at the time, and whether such a membership list can only show members who have specifically consented to be on it. :?

The GDPR is an utter minefield, let's hope some common sense prevails.

cheers,

Martin.

posted: 11 May 2018 10:43

from:

madscientist
 
 

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
My advice to various small voluntary organizations that I’m involved in , is to do nothing in the medium term. currently it’s like y2k all over again , with “ consultants “ everywhere.

In time , the simple messages will emerge and clarity will be established
By the way , it’s  no “ minefield “ you can read the underlying EU regulation , it’s quite simple ( in general ) the key  things are 

1. No use of personal data other then what the data was originally provided for 
2. Opt-ins and not Opt-outs 
3. Explicit consent 
4. Only adults can give consent 
5. The right to be forgotten ( this is the biggest technical challenge ) , Ie removing all trace of personal data 
6. The right to inspect your own data, including any records not public 
My own view is something like the GDPR is entirely necessary to reduce the proliferation of people using personal data for nefarious marketing etc.  

These are the key takeaways 

I recently had to,point out  to my railway club that sending emails to members where all members emails address were visible in the cc field , would be potentially contravening the regulation , they have now discovered the  bcc field ! 

Dave 
Last edited on 11 May 2018 10:53 by madscientist
posted: 11 May 2018 11:29

from:

Martin Wynne
 
West Of The Severn - United Kingdom

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
madscientist wrote:
In time, the simple messages will emerge and clarity will be established
By the way, it’s  no "minefield" you can read the underlying EU regulation, it’s quite simple (in general)
Hi Dave,

I have read a lot of it (until you lose the will to live).

The key point which is difficult to pin down, is to what extent does it apply only to commercial web sites? The legislation frequently refers to "companies" and there is an assumption that the personal data is being used for financial gain, as with Facebook and other social media, and all those online mail order places who want you to register an account with them before sending you anything.

On a hobby web site such as this, no-one is making any money from the data. Or at least, the site owner isn't. :)

Does the GDPR still apply with full force in such cases?

regards,

Martin.

posted: 16 May 2018 13:16

from:

madscientist
 
 

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
Martin Wynne wrote:
madscientist wrote:
In time, the simple messages will emerge and clarity will be established
By the way, it’s  no "minefield" you can read the underlying EU regulation, it’s quite simple (in general)
Hi Dave,

I have read a lot of it (until you lose the will to live).

The key point which is difficult to pin down, is to what extent does it apply only to commercial web sites? The legislation frequently refers to "companies" and there is an assumption that the personal data is being used for financial gain, as with Facebook and other social media, and all those online mail order places who want you to register an account with them before sending you anything.

On a hobby web site such as this, no-one is making any money from the data. Or at least, the site owner isn't. :)

Does the GDPR still apply with full force in such cases?

regards,

Martin.
reading through the Regulation , I think its clear that while the Regulation mentions and defines an  "Enterprise", as a body engaged in " economic " activity and it has exempted such " enterprises" from  certain reporting and data rentenion 

However Article 2 ( material scope ) is very clearly spelt out 


2.

This Regulation does not apply to the processing of personal data:
(a) in the course of an activity which falls outside the scope of Union law;
(b) by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU
(c) by a natural person in the course of a purely personal or household activity;
(d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 



 There have been " misguided " suggestion that it doesnt apply to people not engaged in " economic activity " because they fall out of the definition of an " enterprise "  There is no such exception ( equally there is no mention of the word " companies " , the term used is enterprise .


However you could argue under two grounds 


(a) you are engaged in a personal activity . i.e. its for your interest and entertainment 


(b) You actually dont collect any identifying data in the first place , as all you need to access the site is a anonymous user name and password and you hold no other data that makes it possible to identify the user , once you are dealing with anonymised data and that falls outside the scope of the regulation 


regards 


D^&e ( hidden by the need to remain anonymous to protect Martin) :D

EDIT , just looked, you do require email address to be supplied, I suggest you remove that ( its of little use to u anyway ) and hence its anonymised data and exempt 

Last edited on 16 May 2018 13:19 by madscientist
posted: 17 May 2018 13:04

from:

Martin Wynne
 
West Of The Severn - United Kingdom

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
madscientist wrote:
EDIT , just looked, you do require email address to be supplied, I suggest you remove that ( its of little use to u anyway ) and hence its anonymised data and exempt
Hi Dave,

Unfortunately an email address is an essential part of the forum software. Otherwise it is not possible for members to receive or reset their password, or receive notifications of posts.

I have just received a useful email from XenForo about some changes they are making to their forum software to permit compliance with GDPR, which can be assumed to be applicable to most other web forums:

1. The ability to force all users to acknowledge and agree to your Terms and Conditions and Privacy Policy at any time, and a log of when they last agreed.

2. A more explicit message about cookies being required for site operation, forcing users to explicitly acknowledge their use.

3. The option to opt in or out of site emails can now be shown on the registration form.

4. When deleting a user, a new option allows the user's content to be anonymised.

5. User's data can now be exported, and imported elsewhere by the user.

6. There is a new default privacy policy Help page.


XenForo say "Thankfully, the extent to which the practices of most legitimate businesses and organisations will need to change has been greatly overstated by a sensationalist media looking for a story."

Which leaves me with the main question still unanswered - is the Templot Club forum a "business or organisation" within the meaning and scope of GDPR?

regards,

Martin.

posted: 17 May 2018 13:42

from:

madscientist
 
 

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
It doesn’t matter whether your a business or an organisation or whatever moniker you apply !
The rules apply to everyone irrespective , only household activity and personal are excempt 

The whole things is overblown by “ consultants “ trying a y2K  return event 
Last edited on 17 May 2018 13:50 by madscientist
posted: 21 May 2018 23:37

from:

Martin Wynne
 
West Of The Severn - United Kingdom

click the date to link to this post
click member name to view archived images
view images in gallery view images as slides
After due consideration, I have decided to ignore the GDPR until such time as I receive a knock on the door. :)

As far as I can tell, the requirements are covered by the existing Templot Club forum software.

I have summarised all that here:

 topic 3273

Please be sure to read that and take note of the information.

The GDPR requires that you give specific consent for your data to be stored in the Templot Club database and to receive emails from Templot Club.

Until told otherwise, I have decided that you did that when you joined Templot Club, or requested membership, or added personal information, even if that was several years ago.

One complicating detail is the fact that all posts are also transmitted to the Yahoo archive, and also by email to other members. From where they cannot be deleted. It's not clear to me how this is compatible with the GDPR right to be forgotten. For the present I'm adopting a head in the sand approach to this. It would be a great shame if the Yahoo archive has to be deleted, because it provides (on the rare occasions it actually works) by far the best custom search facilities for the Templot Club content.

regards,

Martin.



Templot Club > Forums > Templot talk > General Data Protection Regulation (GDPR)
about Templot Club

Templot Companion - User Guide - A-Z Index Templot Explained for beginners Please click: important information for new members and first-time visitors.
indexing link for search engines

back to top of page


Please read this important note about copyright: Unless stated otherwise, all the files submitted to this web site are copyright and the property of the respective contributor. You are welcome to use them for your own personal non-commercial purposes, and in your messages on this web site. If you want to publish any of this material elsewhere or use it commercially, you must first obtain the owner's permission to do so.
The small print: All material submitted to this web site is the responsibility of the respective contributor. By submitting material to this web site you acknowledge that you accept full responsibility for the material submitted. The owner of this web site is not responsible for any content displayed here other than his own contributions. The owner of this web site may edit, modify or remove any content at any time without giving notice or reason. Problems with this web site? Contact webmaster@templot.com.   This web site uses cookies: click for information.  
© 2020  

Powered by UltraBB - © 2009 Data 1 Systems