Ozzy47
Well-known member
did I say to use that? No!
I simply stated that there is a addon/service for that, I did not tell anyone they should use it, not did I recommend it.
GDPR discussion thread
- Thread starter 7ore
- Start date
did I say to use that? No!
I simply stated that there is a addon/service for that, I did not tell anyone they should use it, not did I recommend it.
Ozzy47
Well-known member
I see you came here to troll, I do not wish to partake in this game.
trapped_soul
Well-known member
Seriously.. please... just stop. Thanks. Your're not doing anyone any favours who wants a decision on something. Merely getting in the way. Please just stop okay.
trapped_soul
Well-known member
No, as a business owner I want informed and educated responses. I have £20K + worth to lose. Do you? So we need clear, concise explanation. Not heresy.
When you've invested £20k+ please come back. Thanks.
trapped_soul
Well-known member
Agreed. Thank you.
@trapped_soul it would seem from your posts you need to go hire a lawyer to assess your site and write you up a report specific for you with a guarantee it is accurate and insured to indemnify you against any potential loss.
Once you've done that i'll be more than happy to do a report of my own on your site free of charge and we can compare notes.
Once you've done that i'll be more than happy to do a report of my own on your site free of charge and we can compare notes.
Davyc
Well-known member
And charge more than a hobbyist can afford, it would be easier and less of a headache for hobbyists to simply close down their sites and avoid all of the angst that this new regulation is bringing. It's a ludicrous regulation that has taken privacy to a new level of bureaucracy, even so it will become law and the little people who can be affected by it will have to make use of whatever means that are within their reach, to make an attempt to achieve compliance.
The ICO has stated that their role is to firstly educate people of the Privacy rules and will only use penalties if their is a serious breach caused by gross negligence; that is a softening of the blow and gives some room to chill and think about what you ought to be doing.
Software providers can be of help if they can adjust their software slightly to help users comply with this new regulation. For example there is a need to ask people to confirm their acceptance for any third party cookies that may be dropped on their devices; this includes YT videos, so if a site uses YT videos Google will be dropping their 3rd party cookies onto the device of someone who uses your site and you have to ask for their explicit permission before they can watch said videos. What a pain that is if there is nothing in place within the software that allows you to gain this consent. But it doesn't stop there. If your site uses adverts then those advertisers will be dropping their cookies onto someone's device when they visit your site and you have to get their permission for this too. You can see where this is going ... ANYTHING from your site that drops 3rd party cookies, you need to get a users/visitors permission. The little bar that pops up at the bottom of your screen that says "this site is using cookies are you OK with this?" is not enough. You are also expected to list all the cookies that are being dropped on your site in your cookie notice.
I've been wrapping my head around this new regulation for weeks now and there is always something that went unnoticed that rears its ugly head that causes a new avenue of investigation to be opened up. Even businesses are having a hard time trying to work through this and many people using forum software have monetised their sites in order to keep them running and to pay some (all) bills. So, for everyone, including hobbyists, it's just a complete and utter nightmare with no one out there guaranteeing that you will be complying with this new regulation, even after taking their advice. Rant over lol.
Ozzy47
Well-known member
Something like this might help admins, https://www.nymity.com/gdpr-toolkit.aspx maybe someone who is a bit well versed in GDPR policy can try it out and give their opinion.
RobinHood
Well-known member
I was creating a new facebook social login for a wordpress site yesterday and they now require you to post a link to a privacy policy when you create the facebook app.
A quick google and I came across a site called iubneda, which helped me to create a very basic one for free, which is all I needed for the site in question.
http://iubenda.refr.cc/X2Z53DN (referral link)
But it's got a very detailed and capable generator if you have lots of codes, trackers and various systems integrated into your site. You just search for the services you use, it tells you about the data they collect and then you can add it to your privacy policy with a single click.
It then generates a nice privacy policy for you which you can add to your site
I'm currently using the free version, which I think is limited to 4 services.
It's $27 per year per site/app for the pro version or $9 a month for 5 sites.
If you have a pretty complex policy though with lots of trackers, it would probably be worth it to have a system like this to manage it. It seems pretty well designed.
Referral Link to iubenda
A quick google and I came across a site called iubneda, which helped me to create a very basic one for free, which is all I needed for the site in question.
http://iubenda.refr.cc/X2Z53DN (referral link)
But it's got a very detailed and capable generator if you have lots of codes, trackers and various systems integrated into your site. You just search for the services you use, it tells you about the data they collect and then you can add it to your privacy policy with a single click.
It then generates a nice privacy policy for you which you can add to your site
I'm currently using the free version, which I think is limited to 4 services.
It's $27 per year per site/app for the pro version or $9 a month for 5 sites.
If you have a pretty complex policy though with lots of trackers, it would probably be worth it to have a system like this to manage it. It seems pretty well designed.
Referral Link to iubenda
Last edited:
Ozzy47
Well-known member
Looks interesting. Yet one more little tool to help admins get their site in compliance, thanks for sharing the link. Will be interesting to see how you Hebron with it after a few months.
RobinHood
Well-known member
Yeah, it does seem like a bit of a minefield, but tools like this make it easier to wrap your head around it all. It is interesting learning about all the data that's collected and used, when browsing the services you can also select exactly what info you site requests and uses and how it's used.
I think in the long run this will actually be a pretty big step in getting admins to up their game and understand themselves exactly what's going on with all the tracking code snippets they paste into their sites without a second thought about what it might be doing in the background.
It's amazing how granular you can be with getting the data from services like facebook
The only thing that just occurred to me is what to do when it comes to a business that outsources any of their products or services. Say for example some of the products I offer I don't keep in stock, but sell through my website. When a customer places an order, I place that customers order with my supplier who ships it. So I'm sharing that customers details with a 3rd party.
I imagine I'll have to now disclose this, but to what extent? Can I just say that I have deals with trade suppliers and certain transactions will involve them and I pass on customers shipping addresses? Do I have to say which products it applies to? Will I have to name my suppliers?
I can see this becoming very problematic from competitive standpoint. I wouldn't want my competition knowing this information about my supply chain.
This could easily apply to sites that have merch stores or other drop shipping services integrated into their community.
What happens when a trade supplier has a data breach? I'm guessing you then have to contact all of your customers to let them know that one of your suppliers who has their personal data has had a data breach and name that supplier. Of course the customers should know this, but it could also destroy businesses that rely on sourcing and reselling products and services like this. A single email blast informing the entire customer base of a breach like that could mean none of them ever place an order through you again.
Some good vids here on using the generator I linked above, it seems they have tools to help you comply with things like COPPA too.
1. Introduction
2. Adding Services
I think in the long run this will actually be a pretty big step in getting admins to up their game and understand themselves exactly what's going on with all the tracking code snippets they paste into their sites without a second thought about what it might be doing in the background.
It's amazing how granular you can be with getting the data from services like facebook
The only thing that just occurred to me is what to do when it comes to a business that outsources any of their products or services. Say for example some of the products I offer I don't keep in stock, but sell through my website. When a customer places an order, I place that customers order with my supplier who ships it. So I'm sharing that customers details with a 3rd party.
I imagine I'll have to now disclose this, but to what extent? Can I just say that I have deals with trade suppliers and certain transactions will involve them and I pass on customers shipping addresses? Do I have to say which products it applies to? Will I have to name my suppliers?
I can see this becoming very problematic from competitive standpoint. I wouldn't want my competition knowing this information about my supply chain.
This could easily apply to sites that have merch stores or other drop shipping services integrated into their community.
What happens when a trade supplier has a data breach? I'm guessing you then have to contact all of your customers to let them know that one of your suppliers who has their personal data has had a data breach and name that supplier. Of course the customers should know this, but it could also destroy businesses that rely on sourcing and reselling products and services like this. A single email blast informing the entire customer base of a breach like that could mean none of them ever place an order through you again.
Some good vids here on using the generator I linked above, it seems they have tools to help you comply with things like COPPA too.
1. Introduction
2. Adding Services
Last edited:
Ozzy47
Well-known member
Yeah, GDPR compliance is something each admin is going to have to evaluate and determine the best course of action for their sites. Unfortunately there will be no cookie cutter solution to fit everyone's needs.
Admins need to explore all options available to help them with policy compliance and determine which best suits their needs based off cost and confidence of the service.
Admins need to explore all options available to help them with policy compliance and determine which best suits their needs based off cost and confidence of the service.
trapped_soul
Well-known member
Thank you for the offer. I have spent numerous times on the phone to the ICO and am pretty sure I have a good understanding based on what they've told me. I think it's admirable of you to offer this to the community however.
Interesting, that looks very good. Clean..
Indeed, after seeing some other posts and links, this was posted by @Davyc and I ran a full report myself too and only failed on the explicit acceptance of cookies. (choosing what type and to opt-in)
https://www.cookiebot.com/
Again, they run a good audit - although took several hours and is free/pretty cheap for what we need with a nice notice asking the visitor for their permission et al.
It also has a good audit sheet that you can grab the js/HTML code and embed it the into the head of your pages.
Seamlessly integrated too by copying your own CSS.
So there are options out there, just be calm, do some research and try to understand what it is they're requiring of us.
Imagine the DPA - extended, but more in favour of consumers and with their data - which can only be a good thing for us all.
Most of you who own business sites, should already be practising good control of data anyway.
Stuart Wright
Well-known member
We need a page like the new Pintrest privay policy: https://policy.pinterest.com/en/updates-to-our-privacy-policy
Stuart Wright
Well-known member
Blimey. They are *so* different. It's all about the wording. The Xenforo wording is factual/business like. Pintrest wording is way more personal in nature. Much more likely to engender support and cooperation in my opinion.
Robust
Well-known member
Depends how concerned (the exact word I used) you are, really.And charge more than a hobbyist can afford, it would be easier and less of a headache for hobbyists to simply close down their sites and avoid all of the angst that this new regulation is bringing. It's a ludicrous regulation that has taken privacy to a new level of bureaucracy, even so it will become law and the little people who can be affected by it will have to make use of whatever means that are within their reach, to make an attempt to achieve compliance.
The ICO has stated that their role is to firstly educate people of the Privacy rules and will only use penalties if their is a serious breach caused by gross negligence; that is a softening of the blow and gives some room to chill and think about what you ought to be doing.
Software providers can be of help if they can adjust their software slightly to help users comply with this new regulation. For example there is a need to ask people to confirm their acceptance for any third party cookies that may be dropped on their devices; this includes YT videos, so if a site uses YT videos Google will be dropping their 3rd party cookies onto the device of someone who uses your site and you have to ask for their explicit permission before they can watch said videos. What a pain that is if there is nothing in place within the software that allows you to gain this consent. But it doesn't stop there. If your site uses adverts then those advertisers will be dropping their cookies onto someone's device when they visit your site and you have to get their permission for this too. You can see where this is going ... ANYTHING from your site that drops 3rd party cookies, you need to get a users/visitors permission. The little bar that pops up at the bottom of your screen that says "this site is using cookies are you OK with this?" is not enough. You are also expected to list all the cookies that are being dropped on your site in your cookie notice.
I've been wrapping my head around this new regulation for weeks now and there is always something that went unnoticed that rears its ugly head that causes a new avenue of investigation to be opened up. Even businesses are having a hard time trying to work through this and many people using forum software have monetised their sites in order to keep them running and to pay some (all) bills. So, for everyone, including hobbyists, it's just a complete and utter nightmare with no one out there guaranteeing that you will be complying with this new regulation, even after taking their advice. Rant over lol.
If you are quite concerned that your model of business has significant data of EU citizens, and/or you have a relatively large income or effect, then you should absolutely talk to someone actually well versed in the legislation. The closest to a guarantee you're getting is a well-versed lawyer and/or consultancy firm. We don't take legal advice from people on reddit, in the same sense we shouldn't take legal advice (regarding the GDPR) without consulting professionals, if you believe the GDPR will significantly impact your operations.
The EU does not have endless resources to prosecute everyone and anyone for small "infractions" of the GDPR, nor is that the intention of the GDPR. For hobbyists (specifically those running forums, with minimal personal data), reading publicly available documentation and revising your procedures based off that should be sufficient to show that you do care about the privacy of your customers. If we're being realistic here, even if you don't change anything about how you operate, small forums aren't going to be targeted. That said, if you aren't taking data of your users seriously then that's something you should've worked on even before GDPR.
There are many regulations that are pointless bureaucracy, but the GDPR definitely isn't one of them. Companies have used and abused the data of individuals, given them little control over how it's used, how it's shared and various retention policies. It's honestly disgusting how little respect companies have for the privacy of individuals. It isn't here to fine anyone and everyone that doesn't comply, it's here to guarantee citizens the rights to privacy that they should've had. It is a directive that is relevant to today's internet age. It gives law enforcement the legal means to prosecute businesses that clearly process (often sensitive) data and are reckless with it. It gives citizens the rights to control access to their data, or request businesses not process data that they do not want processed.
I really cannot understand why people think that law enforcement has unlimited resources to go after every hobbyist project, especially for every little violation that has no end impact.
Robust
Well-known member
This seems very cool, and is used by some rather large organisations (incl. OpenGov and some MIT projects). I'd imagine this would satisfy the needs of any hobbyist project, for sure.
