Enhanced GDPR for XenForo 2 [Deleted]

Slavik

XenForo moderator
Staff member
Slavik submitted a new resource:

GDPR for XenForo 2 - Website assessment + Enhanced GDPR Compliance Tools

This addon + service is not affiliated with XenForo Ltd.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This will...

Read more about this resource...
 
To re-iterate a key point. Most sites will be fully compliant with the in built XenForo tools. If you are unsure as to if you need this, please feel free to start a conversation and I can ask a few key questions (Free, obviously) regarding your site to let you know if you should look further into this.

Thanks!
 
What exactly does the "addon" part do?

Enhanced log keeping relating to explicit consent and withdrawal requests. It also contains key information for the site users and what it means for them.
 
What kind of insurance so you offer site owners that use this service and still find themselves getting a fine?
 
What kind of insurance so you offer site owners that use this service and still find themselves getting a fine?

Insurance? None.

Assurance? I have spent huge quantities of time in assisting my clients regarding GDPR and getting them ready for it. This has included reading more pages of ICO and GDPR texts than I care to remember, countless hours on the phone to the ICO clarifying specific points, and my prior experience under the DPA for several organisations including training courses.

While I am not a lawyer (and, ultimately even lawyers will not guarantee the advice they give you will be iron clad on such matters) all the advice will be given on good faith and what I have personally verified from the ICO as being correct.
 
No, it is really not needed in the core, as most won't need it.

"While XenForo 1 and XenForo 2 both are compliant with the inbuilt functionalities provided, the addon will improve on some areas to give added peace of mind for the site owner."
 
Understand, but what about explicit consent and withdrawal requests? Isn't that a must have? Also access to show all information about users?
 
I still don't even understand how the EU would have jurisdiction over my website which resides in Canada. Which has it's own privacy laws that I must follow. Not the EU's.
 
The issue is that if you serve EU citizens then their personal data is protected by the GDPR. If you breach that, then you could receive a hefty fine from an EU watchdog. You can ignore that and I guess that would not impact you as long as you do not travel to the EU nor do business there.
 
Good work on this addon. How certain are you that there are no opt-ins needs for Google Analytics?

Very certain. Analytics is anonymised data. So I suggest mirroring the ICO's approach, tell people you use analytics, but requiring explicit opt in to it not needed.
 
Very certain. Analytics is anonymised data. So I suggest mirroring the ICO's approach, tell people you use analytics, but requiring explicit opt in to it not needed.
Excellent. The story is different for people with advertising, though, from Adsense, DFP or AdExchange, right?
 
Excellent. The story is different for people with advertising, though, from Adsense, DFP or AdExchange, right?

Yes, user-specific targetted ads will need explicit opt in. Anonymised ads not so much. I believe adsense is adding an option for this. I dont know about DFP/AdExchange.
 
So "normal" Adsense is ok? Or does that still count as user-targeted? (i.e. I think it's targetting a demographic, not a particular individual)
 
Top Bottom