why is your opinion about what the DGPR requires any more likely to be the truth that any of the other people who have posted in this topic?tojag wrote: ↑Sat May 19, 2018 9:57 pmTlem You are wrong and very much. You as a forum owner provide you with a service. You are responsible for fulfilling the GDPR requirements. For forum users, writing on it can be a hobby, for you it is an activity subject to GDPR.
I see that you do not understand GDPR completely. You are extracting fragments detached from the whole. At any place, GDPR does not treat IP, for example, differently from other data described in the definition. At any place, GDPR does not treat private and public personal data. In both cases, these are personal data and are protected by law.
GDPR requires the right to be forgotten, this also applies to the archives of databases. It is currently one of the biggest technical problems - archives may require older versions of systems. Read what troubles big companies have in this area.
GDPR does not require anything from the person whose data it processes, it requires everything from you. You must show relevant information, collect consent, provide rights, etc. The user does not have to either remember their posts or browse them and look for what was in them. GDPR transfers this to the administrator. Admin is responsible for providing information to the user if he is in charge and asks what data he has. Admin must delete or anonymize this data. Not a user.
The only thing I'm hoping for is that really run out of resources and time to check everyone.
If the UK is no longer a part of the EU then I doubt that it applies to them any more than it would to the US or any other country.
If you go to the ICO website there’s a simple survey you can follow.
The UK is still in the EU and even when we leave all EU law will be made into UK law so GDPR will still apply.
A few years ago when I wrote here that IP and email are personal data, everyone here had a different opinion because they probably did not read the regulations.
GDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.tojag wrote: ↑Sun May 20, 2018 8:36 amDavid, but it does not matter our perception of this. With many laws, people do not agree, but they must respect them. In particular, specialists in a given field see this field differently than other ordinary people. GDPR has been created to protect people who do not necessarily know what is happening with their personal data. I think that the intention was to deal with large companies and institutions, but it also came in small and we have to submit to it
Your interpretation is correct to the extent that what you seem to want to do would comply with GDPR. However, you definitely do not need consent for all personal to be collected/processed (which you seem to think) as that is just one of many lawful basis for collecting and processing personal data.
That's what I constantly say Thanks for understanding this too. This is the definition of personal data in GDPR but probably not everyone understands it. Public or private it is no difference.CHItA wrote: ↑Sun May 20, 2018 9:01 amGDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.
No, I've read the GDPR in the original.tlem wrote: ↑Sun May 20, 2018 2:03 pmHi tojag, I have some questions to ask you?
- Is your forum a professional, political, or associative forum?
- Do you collect information other than that collected by your phpBB forum?
- Do you market the information collected by your forum such as email addresses, IP addresses, personal information indicated by your members, etc ...
- Do you know the CNIL (National Commission of Computing and Freedoms), and do you credit what is issued by it?
- Can you read French documents?
This was also already answered. Don't process them based on consent and then you don't have to (except on a case by case basis if the author requests it and the request is reasonable). If you process them based on consent then you probably have to remove the personal data from the posts and probably from quotes, replies, whatever else.