GDPR discussion thread

That is me sharing my opinion, and not telling others not to share theirs. Many thanks...
I have inputted my concerns, you have only tried to sell the opinion that this is the right thing to do or otherwise. So please stop flaming the thread and allow actual business owners, like myself and others, an informed decision as to whether this should be an appropriate step to take as a business, to invest in this or not. Unless you have shares going on of course, hence the drive.
Again many thanks for your input.

I see you came here to troll, I do not wish to partake in this game.
 
did I quarantine to use that? No!

I simply stated that there is an addon/service for that, I did not tell anyone they should use it, nor did I recommend it.
Seriously.. please... just stop. Thanks. You're not doing anyone any favours who wants a decision on something. Merely getting in the way. Please just stop okay.
 
I see you came here to troll
No, as a business owner I want informed and educated responses. I have £20K + worth to lose. Do you? So we need clear, concise explanation. Not heresy.
When you've invested £20k+ please come back. Thanks.
 
@trapped_soul it would seem from your posts you need to go hire a lawyer to assess your site and write you up a report specific for you with a guarantee it is accurate and insured to indemnify you against any potential loss.

Once you've done that I'll be more than happy to do a report of my own on your site free of charge and we can compare notes.
 
If you are concerned, consult a consultancy firm with experience with the GDPR. The big ones all offer these services.

And charge more than a hobbyist can afford, it would be easier and less of a headache for hobbyists to simply close down their sites and avoid all of the angst that this new regulation is bringing. It's a ludicrous regulation that has taken privacy to a new level of bureaucracy, even so it will become law and the little people who can be affected by it will have to make use of whatever means that are within their reach, to make an attempt to achieve compliance.

The ICO has stated that their role is to firstly educate people of the Privacy rules and will only use penalties if there is a serious breach caused by gross negligence; that is a softening of the blow and gives some room to chill and think about what you ought to be doing.

Software providers can be of help if they can adjust their software slightly to help users comply with this new regulation. For example there is a need to ask people to confirm their acceptance for any third party cookies that may be dropped on their devices; this includes YT videos, so if a site uses YT videos Google will be dropping their 3rd party cookies onto the device of someone who uses your site and you have to ask for their explicit permission before they can watch said videos. What a pain that is if there is nothing in place within the software that allows you to gain this consent. But it doesn't stop there. If your site uses adverts then those advertisers will be dropping their cookies onto someone's device when they visit your site and you have to get their permission for this too. You can see where this is going ... ANYTHING from your site that drops 3rd party cookies, you need to get a user's/visitor's permission. The little bar that pops up at the bottom of your screen that says "this site is using cookies are you OK with this?" is not enough. You are also expected to list all the cookies that are being dropped on your site in your cookie notice.

I've been wrapping my head around this new regulation for weeks now and there is always something that went unnoticed that rears its ugly head that causes a new avenue of investigation to be opened up. Even businesses are having a hard time trying to work through this and many people using forum software have monetised their sites in order to keep them running and to pay some (all) bills. So, for everyone, including hobbyists, it's just a complete and utter nightmare with no one out there guaranteeing that you will be complying with this new regulation, even after taking their advice. Rant over lol.

;)
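
An added example, not part of any post in this thread: one way site or forum software could hold back third-party embeds such as YouTube videos until the visitor opts in, as the post above describes. The `consent` cookie name and format, the category names and the sample embeds are assumptions made for the illustration.

```javascript
// Added example: consent-gated third-party embeds. All names are hypothetical.
const CATEGORIES = ["media", "ads"]; // assumed consent categories

// Parse a first-party cookie such as "consent=media:1|ads:0" from a Cookie
// header. Anything missing or malformed counts as "no consent" (opt-in only).
function parseConsent(cookieHeader) {
  const consent = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
  const raw = (cookieHeader || "")
    .split(";")
    .map((p) => p.trim())
    .find((p) => p.startsWith("consent="));
  if (!raw) return consent;
  for (const pair of raw.slice("consent=".length).split("|")) {
    const [name, flag] = pair.split(":");
    if (CATEGORIES.includes(name)) consent[name] = flag === "1";
  }
  return consent;
}

const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (ch) => `&#${ch.charCodeAt(0)};`);

// Markup for one embed, rendered server-side. Without opt-in the output is a
// placeholder containing no third-party URL, so the browser sends nothing to
// the provider. Clicking it would set the consent cookie and reload the page.
function renderEmbed(embed, consent) {
  if (consent[embed.category] === true) {
    return `<iframe src="${escapeHtml(embed.src)}" title="${escapeHtml(embed.title)}"></iframe>`;
  }
  return `<button type="button" class="consent-gate" data-category="${escapeHtml(embed.category)}">` +
    `Allow ${escapeHtml(embed.provider)} cookies to view ${escapeHtml(embed.title)}</button>`;
}

// Providers to name in the cookie notice, grouped by consent category.
function noticeEntries(embeds) {
  const groups = {};
  for (const e of embeds) {
    if (!groups[e.category]) groups[e.category] = new Set();
    groups[e.category].add(e.provider);
  }
  return Object.fromEntries(
    Object.entries(groups).map(([cat, set]) => [cat, [...set].sort()])
  );
}

// Constructed sample data (placeholder URLs, not real embeds).
const EMBEDS = [
  { provider: "YouTube", category: "media", title: "Intro video", src: "https://www.youtube.com/embed/VIDEO_ID" },
  { provider: "Example Ads", category: "ads", title: "Banner", src: "https://ads.example/slot/1" },
];
```
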
 
I was creating a new facebook social login for a wordpress site yesterday and they now require you to post a link to a privacy policy when you create the facebook app.

A quick google and I came across a site called iubenda, which helped me to create a very basic one for free, which is all I needed for the site in question.

http://iubenda.refr.cc/X2Z53DN (referral link)

But it's got a very detailed and capable generator if you have lots of codes, trackers and various systems integrated into your site. You just search for the services you use, it tells you about the data they collect and then you can add it to your privacy policy with a single click.

It then generates a nice privacy policy for you which you can add to your site

I'm currently using the free version, which I think is limited to 4 services.

It's $27 per year per site/app for the pro version or $9 a month for 5 sites.

If you have a pretty complex policy though with lots of trackers, it would probably be worth it to have a system like this to manage it. It seems pretty well designed.

Referral Link to iubenda
 
I was creating a new facebook social login for a wordpress site yesterday and they now require you to post a link to a privacy policy.

A quick google and I came across a site called iubenda, which helped me to create a very basic one for free, which is all I needed for the site in question.

http://iubenda.refr.cc/X2Z53DN (referral link)

But it's got a very detailed and capable generator if you have lots of codes, trackers and various systems integrated into your site. You just search for the services you use, it tells you about the data they collect and then you can add it to your privacy policy with a single click.

It then generates a nice privacy policy for you which you can add to your site

I'm currently using the free version, which I think is limited to 4 services.

It's $27 per year per site/app for the pro version or $9 a month for as many sites as you like.

If you have a pretty complex policy though with lots of trackers, it would probably be worth it to have a system like this to manage it. It seems pretty well designed.

Referral Link to iubenda

Looks interesting. Yet one more little tool to help admins get their site in compliance, thanks for sharing the link. Will be interesting to see how you Hebron with it after a few months.
 
Yeah, it does seem like a bit of a minefield, but tools like this make it easier to wrap your head around it all. It is interesting learning about all the data that's collected and used, when browsing the services you can also select exactly what info your site requests and uses and how it's used.

I think in the long run this will actually be a pretty big step in getting admins to up their game and understand themselves exactly what's going on with all the tracking code snippets they paste into their sites without a second thought about what it might be doing in the background.

It's amazing how granular you can be with getting the data from services like facebook

The only thing that just occurred to me is what to do when it comes to a business that outsources any of their products or services. Say for example some of the products I offer I don't keep in stock, but sell through my website. When a customer places an order, I place that customer's order with my supplier who ships it. So I'm sharing that customer's details with a 3rd party.

I imagine I'll have to now disclose this, but to what extent? Can I just say that I have deals with trade suppliers and certain transactions will involve them and I pass on customers' shipping addresses? Do I have to say which products it applies to? Will I have to name my suppliers?

I can see this becoming very problematic from a competitive standpoint. I wouldn't want my competition knowing this information about my supply chain.

This could easily apply to sites that have merch stores or other drop shipping services integrated into their community.

What happens when a trade supplier has a data breach? I'm guessing you then have to contact all of your customers to let them know that one of your suppliers who has their personal data has had a data breach and name that supplier. Of course the customers should know this, but it could also destroy businesses that rely on sourcing and reselling products and services like this. A single email blast informing the entire customer base of a breach like that could mean none of them ever place an order through you again.


Some good vids here on using the generator I linked above, it seems they have tools to help you comply with things like COPPA too.

1. Introduction
2. Adding Services
 
Yeah, GDPR compliance is something each admin is going to have to evaluate and determine the best course of action for their sites. Unfortunately there will be no cookie cutter solution to fit everyone's needs.

Admins need to explore all options available to help them with policy compliance and determine which best suits their needs based off cost and confidence of the service.
 
@trapped_soul it would seem from your posts you need to go hire a lawyer to assess your site and write you up a report specific for you with a guarantee it is accurate and insured to indemnify you against any potential loss.

Once you've done that I'll be more than happy to do a report of my own on your site free of charge and we can compare notes.
Thank you for the offer. I have spent numerous times on the phone to the ICO and am pretty sure I have a good understanding based on what they've told me. I think it's admirable of you to offer this to the community however.

I was creating a new facebook social login for a wordpress site yesterday and they now require you to post a link to a privacy policy when you create the facebook app.

A quick google and I came across a site called iubenda, which helped me to create a very basic one for free, which is all I needed for the site in question.

http://iubenda.refr.cc/X2Z53DN (referral link)

But it's got a very detailed and capable generator if you have lots of codes, trackers and various systems integrated into your site. You just search for the services you use, it tells you about the data they collect and then you can add it to your privacy policy with a single click.

It then generates a nice privacy policy for you which you can add to your site

I'm currently using the free version, which I think is limited to 4 services.

It's $27 per year per site/app for the pro version or $9 a month for 5 sites.

If you have a pretty complex policy though with lots of trackers, it would probably be worth it to have a system like this to manage it. It seems pretty well designed.

Referral Link to iubenda

Interesting, that looks very good. Clean..
Indeed, after seeing some other posts and links, this was posted by @Davyc and I ran a full report myself too and only failed on the explicit acceptance of cookies. (choosing what type and to opt-in)
https://www.cookiebot.com/
Again, they run a good audit - although took several hours and is free/pretty cheap for what we need with a nice notice asking the visitor for their permission et al.
It also has a good audit sheet that you can grab the js/HTML code and embed it into the head of your pages.
Seamlessly integrated too by copying your own CSS.
So there are options out there, just be calm, do some research and try to understand what it is they're requiring of us.
Imagine the DPA - extended, but more in favour of consumers and with their data - which can only be a good thing for us all.
Most of you who own business sites, should already be practising good control of data anyway. :)
 
That's really no different than the XF2 help pages, except the clickable links are giant circles instead of text.
 
That's really no different than the XF2 help pages, except the clickable links are giant circles instead of text.
Blimey. They are *so* different. It's all about the wording. The XenForo wording is factual/business like. Pinterest wording is way more personal in nature. Much more likely to engender support and cooperation in my opinion.
 
You can change the wording to anything you like, a simple phrase edit, or you add whatever text you want in a separate policy page.
 
And charge more than a hobbyist can afford, it would be easier and less of a headache for hobbyists to simply close down their sites and avoid all of the angst that this new regulation is bringing. It's a ludicrous regulation that has taken privacy to a new level of bureaucracy, even so it will become law and the little people who can be affected by it will have to make use of whatever means that are within their reach, to make an attempt to achieve compliance.

The ICO has stated that their role is to firstly educate people of the Privacy rules and will only use penalties if there is a serious breach caused by gross negligence; that is a softening of the blow and gives some room to chill and think about what you ought to be doing.

Software providers can be of help if they can adjust their software slightly to help users comply with this new regulation. For example there is a need to ask people to confirm their acceptance for any third party cookies that may be dropped on their devices; this includes YT videos, so if a site uses YT videos Google will be dropping their 3rd party cookies onto the device of someone who uses your site and you have to ask for their explicit permission before they can watch said videos. What a pain that is if there is nothing in place within the software that allows you to gain this consent. But it doesn't stop there. If your site uses adverts then those advertisers will be dropping their cookies onto someone's device when they visit your site and you have to get their permission for this too. You can see where this is going ... ANYTHING from your site that drops 3rd party cookies, you need to get a user's/visitor's permission. The little bar that pops up at the bottom of your screen that says "this site is using cookies are you OK with this?" is not enough. You are also expected to list all the cookies that are being dropped on your site in your cookie notice.

I've been wrapping my head around this new regulation for weeks now and there is always something that went unnoticed that rears its ugly head that causes a new avenue of investigation to be opened up. Even businesses are having a hard time trying to work through this and many people using forum software have monetised their sites in order to keep them running and to pay some (all) bills. So, for everyone, including hobbyists, it's just a complete and utter nightmare with no one out there guaranteeing that you will be complying with this new regulation, even after taking their advice. Rant over lol.

;)
Depends how concerned (the exact word I used) you are, really.

If you are quite concerned that your model of business has significant data of EU citizens, and/or you have a relatively large income or effect, then you should absolutely talk to someone actually well versed in the legislation. The closest to a guarantee you're getting is a well-versed lawyer and/or consultancy firm. We don't take legal advice from people on reddit, in the same sense we shouldn't take legal advice (regarding the GDPR) without consulting professionals, if you believe the GDPR will significantly impact your operations.

The EU does not have endless resources to prosecute everyone and anyone for small "infractions" of the GDPR, nor is that the intention of the GDPR. For hobbyists (specifically those running forums, with minimal personal data), reading publicly available documentation and revising your procedures based off that should be sufficient to show that you do care about the privacy of your customers. If we're being realistic here, even if you don't change anything about how you operate, small forums aren't going to be targeted. That said, if you aren't taking data of your users seriously then that's something you should've worked on even before GDPR.

There are many regulations that are pointless bureaucracy, but the GDPR definitely isn't one of them. Companies have used and abused the data of individuals, given them little control over how it's used, how it's shared and various retention policies. It's honestly disgusting how little respect companies have for the privacy of individuals. It isn't here to fine anyone and everyone that doesn't comply, it's here to guarantee citizens the rights to privacy that they should've had. It is a directive that is relevant to today's internet age. It gives law enforcement the legal means to prosecute businesses that clearly process (often sensitive) data and are reckless with it. It gives citizens the rights to control access to their data, or request businesses not process data that they do not want processed.

I really cannot understand why people think that law enforcement has unlimited resources to go after every hobbyist project, especially for every little violation that has no end impact.
 
A quick google and I came across a site called iubenda, which helped me to create a very basic one for free, which is all I needed for the site in question.

Referral Link to iubenda

This seems very cool, and is used by some rather large organisations (incl. OpenGov and some MIT projects). I'd imagine this would satisfy the needs of any hobbyist project, for sure.
 