Even easier - disable the PM system
Even easier - disable the PM system
Maybe about this misunderstanding how phpBB's mail system is designed, esp. with the meaning of "hide email adresses"? viewtopic.php?f=556&t=2462606
This could create a huge security risk, and could create a very unsafe situation when anyone is free to go on a forum completely untracked. Would be a very dangerous option (then again, this entire reg is, but that's a different story).
Just FYI, from research of the reg, both are technically required. It classifies simple name and e-mail data as sensitive data now for some stupid reason .Simply trying to do our best to keep phpBB secure against attacks seems to me as sufficient protection for this kind of data. If you really want to store sensitive information about your users in custom profile fields, then you should take care of the extra security required yourself (this should never happen realistically).
As long as the ability to turn off display to that user/other users of this log exists (Can view own log/Can view any log), that would be a cool option to have.CHItA wrote: ↑Tue Mar 06, 2018 3:30 pmYou could a suggest a log like that in the ideas forum. Also it is rather funny, that this idea comes to someone by worrying about GDPR.tojag wrote: ↑Tue Mar 06, 2018 2:46 pmIn my opinion, a good solution would be a user's log that would be available to him. contain:
- IP and registration time,
- IP and change time of password / login / email,
- IP and login time, including unsuccessful login.
GDPR requires reporting incidents related to data protection. With such a log, the user can report to the admin, e.g. attempts to log into his account.
^. This is a good idea for an extension, but not for stock behavior as 2FA can be a pain to setup, and in that case, you're pretty much ensuring that your storing what the GDPR considers to be "private data."There is an extension for 2FA. Not really sure whether or not you mean phpBB by "this forum" or actually the forum on .com. I think this topic is in general about phpBB's GDPR compliance.
I would support this as an option of phpBB, as long as it was an option that was turned off by default.No way they will be by default in the near future, however, someone might create an extension one day to do so. I think if you are worried about private messages, just add a policy that no personal information can be shared in them (so you comply with GDPR).
If the board has it enabled, yes. But this should be up to the site owner to reflect in the policies if need be.
GDPR talks about the protection of personal data and not private data. Personal data may be private or public. For example, everything that is publicly visible in the user's profile is his personal data but made public (even if only for other users).
May I ask the link to your board?
Well, it's like I said elsewhere. I don't picture this law lasting, at least not for foreign owned websites. I'd love to watch the US enact a law that Americans have a right to a taxi to be called and paid for by a bar when they're drunk, even when visiting a foreign bar - and then try enforcing that law on Canadian or Mexican bars.tojag wrote: ↑Wed Mar 28, 2018 8:10 pmI was happy when there were no stupid requirements. I kept my website calmly. Every day I work in the field of legal metrology (devices for billing, such as water meters, heat meters, etc.) and I have a lot of legal requirements there, so that someone who uses such a meter is not wronged. I have checks, audits, etc. Lawyers work in every industry, maybe that's why I'm so sensitive.
As I wrote in another topic.. Unfortunately, I think differently than most people here. It seems to me that big players will manage. They have lawyers and money. Small businesses and hobbies will be at risk. It is always the case that the big one becomes even larger as they introduce new legal requirements.
There is none Steve. The GDPR applies to owners/operators and varies from EU country to country (as its a Regulation not a Directive)
Users browsing this forum: Yandex [Bot] and 18 guests