GDPR discussion thread

obviously, €20m would be the highest no matter what.
So why is the 4% in there at all? Just to throw you off?
No it’s not. If you are a company that turns over €1B then 4% is higher than €20m

If you are a smaller company £1M with a serious breach you could be fined up to €20m.

Hypothetically.
 
Not relevant to forums of course, but my finacial adviser moved office due to GDPR. He was in a very lovely converted chapel office, but as it was shared office space with another company he found he had to move. Obviously his filing cabinets office cubicles etc. and computers could be locked but his lawyer's advice was to moved to a stanadalone office premises.
 
Last edited:
So now the max fine is now an unlimited fine?

No, the maximum 2nd tier fine is up to €20 million, or 4% annual global turnover - whichever is higher. Taking Facebook as an example, 4% of their annual turnover would tower above €20 million but it is still limited to 4%.

XF is already compliant by default and there currently isn’t any further action planned.

Is that the case for xenForo 1 and 2 or just the current version?

In addition it would be helpful to get confirmation of what user data might be passed to the default anti-spam services.
 
Last edited:
No, the maximum 2nd tier fine is up to €20 million, or 4% annual global turnover - whichever is higher. Taking Facebook as an example, 4% of their annual turnover would tower above €20 million but it is still limited to 4%.



Is that the case for xenForo 1 and 2 or just the current version?

In addition it would be helpful to get confirmation of what user data might be passed to the default anti-spam services.
Undecided at this stage.
You could have felt free to notify me directly that my reply didn't make sense, rather than me reading it elsewhere (where I may never have seen it) :)

I thought you were asking me something else entirely, and I hadn't quite had enough coffee at the time, so I just totally missed it.

To answer your question correctly, both versions of XF are equally compliant for the sheer majority of customers.

To further expand on my message, yesterday: now we've got a bit more room to breathe after the recent releases, we've stepped back from 2.1 temporarily and started reviewing feedback and our current stance on GDPR. We were always going to write up a post or a newsletter with regards to GDPR compliance in XenForo. In the last 24 hours we have identified some improvements to make that we are currently considering. Whether there are changes to make, or not, keep your eye on the "Have you seen?" forum in the next week or two for more information. (Just to be clear, the HYS forum post, assuming that's where we post it, will be specifically related to GDPR in the current versions of XF. No 2.1 yet, sadly!)
 
To further expand on my message, yesterday: now we've got a bit more room to breathe after the recent releases, we've stepped back from 2.1 temporarily and started reviewing feedback and our current stance on GDPR. We were always going to write up a post or a newsletter with regards to GDPR compliance in XenForo. In the last 24 hours we have identified some improvements to make that we are currently considering. Whether there are changes to make, or not, keep your eye on the "Have you seen?" forum in the next week or two for more information. (Just to be clear, the HYS forum post, assuming that's where we post it, will be specifically related to GDPR in the current versions of XF. No 2.1 yet, sadly!)
Great stuff, thank you Chris & XF team.
 
You could have felt free to notify me directly that my reply didn't make sense, rather than me reading it elsewhere (where I may never have seen it) :)

Apologies, I thought it was my lack of understanding and didn't want to appear stupid.

To further expand on my message, yesterday: now we've got a bit more room to breathe after the recent releases, we've stepped back from 2.1 temporarily and started reviewing feedback and our current stance on GDPR. We were always going to write up a post or a newsletter with regards to GDPR compliance in XenForo. In the last 24 hours we have identified some improvements to make that we are currently considering. Whether there are changes to make, or not, keep your eye on the "Have you seen?" forum in the next week or two for more information. (Just to be clear, the HYS forum post, assuming that's where we post it, will be specifically related to GDPR in the current versions of XF. No 2.1 yet, sadly!)

That's encouraging. I do think there is some scope for added functionality to help ease the way towards compliance although I also appreciate at this stage some of the legislation is open to interpretation.
 
I'm eager to read more about the incoming changes for GDPR. This feels a bit last-minutey but better late than never.
The last 3 items that are required to me for GDPR compliance, on my particular forum:
1- consent to privacy policy at the time of registration
2- right to portability: being able to download your personal data in machine readable format https://gdpr-info.eu/art-20-gdpr/
3- ability to easily remove all user data (I'm against completely hard deleting a user's profile and posts, I would rather reset name to random and anonymize all data, so as to preserve existing discussion threads)

hopefully the incoming changes will address some of these points
 
Apologies, I thought it was my lack of understanding and didn't want to appear stupid.
No definitely me being stupid :)
That's encouraging. I do think there is some scope for added functionality to help ease the way towards compliance although I also appreciate at this stage some of the legislation is open to interpretation.
Exactly, which is sort of what I meant by knew-jerk reaction when I mentioned it on TAZ. I appreciate it sounds like the opposite, the legislation coming into play in just a few weeks, but really this has echoes of the whole EU cookie regulation thing about 6 years ago. I remember when there was a panic when that was approaching and how everyone must block cookies until they’re explicitly accepted and implied consent was never going to fly. Ok this is a much bigger fish but implied consent is exactly what everyone ended up doing in that case.

People are reacting to this like it is important, and it is, but no one is going to be 100% compliant by the “deadline” and some sites, even the biggest sites in the world, may never be if you take the entire thing as gospel. As a random example, XF is very likely to have tools for data portability (both import and export, though admin controlled) before even Instagram will.
 
Y...
To further expand on my message, yesterday: now we've got a bit more room to breathe after the recent releases, we've stepped back from 2.1 temporarily and started reviewing feedback and our current stance on GDPR. We were always going to write up a post or a newsletter with regards to GDPR compliance in XenForo. In the last 24 hours we have identified some improvements to make that we are currently considering. Whether there are changes to make, or not, keep your eye on the "Have you seen?" forum in the next week or two for more information. (Just to be clear, the HYS forum post, assuming that's where we post it, will be specifically related to GDPR in the current versions of XF. No 2.1 yet, sadly!)

Please do not forget Xenforo version 1.5x. I know many XF users who can not upgrade at least for 12 months to XF2x because of specific addons that are still missing.

If Xenforo is only improving XF2 regarding GDPR and leave XF1.5x as it is now, there is a high risk that these people switch to other forum software which has both, the GDPR issues resolved and the needed addons already available.
 
Some other suggestion for XF1.5x

a) unsubscribe link in the sitemailings by admin in the footer (Come on, you knew that I have to suggest that now...). Like in XF2 ;)
b) ideally without beeing forced to login. Like in XF2 :)
c) Require to check the box for privacy statement and terms of rules
d) One-click change username in all postings of that username incl. the postings in which he was quoted
e) Better control about visibility of uploaded images because of GDPR. Maybe show the thumbnails like now, but blurr the image, so that we can use the tumbnail still as a teasier to register and after logging in the user is able to see the image without blurr.
f) Make a setting in ACP so that the admin can decide whether the sitemailing shall be already checked during the registration process or empty so the user has to actively make the check to be able to get the site mailing by admin.
g) ....
 
Please do not forget Xenforo version 1.5x. I know many XF users who can not upgrade at least for 12 months to XF2x because of specific addons that are still missing.

If Xenforo is only improving XF2 regarding GDPR and leave XF1.5x as it is now, there is a high risk that these people switch to other forum software which has both, the GDPR issues resolved and the needed addons already available.
Agreed, we're in this boat.
 
Top Bottom