I suppose I better sort out ZiiP’s compliance to GDPR. You’ve probably received an email recently from every single website you’ve ever visited explaining how they use your data, what they store, and what consent they have.
In a nutshell, what information do I have on you? Well - some of it is down to you. If you put your real name in the box that says “What is your first/last name” - then, that’s kinda obvious. You’re not obliged to provide your real name - in fact, I’d prefer it if you didn’t.
I store your email address as a means of communicating with you. Should this be to recover your password automatically, or to inform you of changes to EU privacy laws… What I don’t do is provide your emails to a 3rd party in ANY form. Ever.
Your IP address is stored, which according to the EU is now ‘personal identifiable data’ (ha! - tell that to all the hackers that we couldn’t ban because IPs change so easily)… Anyhow, the system captures your registration IP and your last login IP. Generally for security reasons to stop fake accounts and spam being created. IP addresses are logged.
That’s really about it on identifiable information. Unless you put your mugshot as your avatar. sigh.
Some other buzzwords that are doing the rounds: (what they mean, what they mean to you)
Right to Be Forgotten
Basically, you have the right now to be completely forgotten from a website. Who are you again? Ok ok. That means completely destroying EVERYTHING that we have on you… or more easily: I can Anonymize you - which sounds a lot more Bond-villain-esque. Soooo in a nutshell, upon request, the system would completely remove all personal details from your posts. Your posts would remain - but no one would know it is you that posted. You’d be assigned a random username that you couldn’t log in with.
Equally, your IP address in our logs is also anonymized.
To be completely deleted, you need to contact an admin.
Basically, this means that you can take everything we have on you and have a copy yourself. You can already do this by viewing your info panel and selecting “Download All”.
Explicit Consent to Emails
Ok, this is a more murky area and possibly the main bit that will require some changes. Effectively, I need your consent to contact you by email. That’s fine really - I don’t market stuff to you anyway. But technically, you could be PM’d a message that gets sent to your email - so there is possibly a need for consent to that. Additionally, the server sends weekly digest emails to keep you informed of what has happened on the forum - something that I have disabled until further notice.
Whilst it is impossible to provide a fully hardened system that isn’t open to a data breach - I believe our systems to be reasonably secure - with a few additional changes that I’ll be implementing this week. I’ll be organising a data audit too.
Running a simple gaming community has never been so much fucking fun!
Any comments or questions? Feel free to ask.