No, I don't know how that is enforceable either.GDPR affects anyone holding data on EU citizens, including those companies not in Europe
Dear Mr #########
Thank you for your correspondence (attached for your reference).
I am sorry for the delay in responding. We are experiencing a very heavy caseload at the moment.
I understand from your email that you are the Administrator for a number of online forums and you wish to know how the General Data Protection Regulation (GDPR) will affect you.
As you have mentioned in your email, you are processing personal data during the course of your activities. This can include email addresses as they could identify a living individual in certain formats. Additionally, the GDPR is now identifying IP addresses as personal data. The legislation covers this in Article 4 (1) which includes online identifiers and is extended upon in Recital 30.
The result of this is that you need to comply with the provisions of the GDPR when processing personal data. Our Guide to the GDPR outlines the provisions of this legislation. A good introductory resource you may wish to review is our ‘GDPR: 12 steps to take now’ document and our ‘Getting ready for the GDPR checklist’.
It is also possible that you may need to register with us. The criteria on this on are still being consulted upon so unfortunately I cannot provide a definitive line on that at this time. Our blog ‘ICO fee and registration changes next year’ currently provides our most up to date information on this.
I hope this information is helpful to you. If you would like to discuss this case further, please contact me on my direct number 0330 ####### If you need advice on a new issue you can contact us via our Helpline on 0303 123 1113 or through our live chat service. In addition, more information about the Information Commissioner’s Office and the legislation we oversee is available on our website at www.ico.org.uk.
Lead Case Officer
Information Commissioner’s Office
OMG, that's the kind of reply which sends shivers up my spine.
Dozens of lawsuits see it the same way. And as soon as not only one person is using the target device (speak: computer) one person alone can't be held liable for using it (i.e. children infringing copyright laws). It all comes down to the scenario: IP address = internet access owner/payer - that's what everybody means by "personal". And since most ISPs store connection details you can be traced with a given address at a given time.identifying IP addresses as personal data
Might not be necessary
Well, lets see. COPPA stands for The Children's Online Privacy Protection Act and is for children under 13. That makes more sense to me then an asinine bunch of crap about IP addresses and cookies. You would have to live in another universe not to know that all, and I mean ALL websites record your IP address and most if not all use a cookie. Compare that to the protection of children.