GDPR and ZiiP


#1

I suppose I better sort out ZiiP’s compliance to GDPR. You’ve probably received an email recently from every single website you’ve ever visited explaining how they use your data, what they store, and what consent they have.

First up, this is just an informal thread. All going to plan, I’ll be emailing everybody with an updated privacy policy and other bits. I may have to gain your consent to stuff too - but until that is built into the backend of the forum controller, I’ll probably have to do it manually through mailchimp… I guess. I dunno. We’ll find out.

Anyhow…

In a nutshell, what information do I have on you? Well - some of it is down to you. If you put your real name in the box that says “What is your first/last name” - then, that’s kinda obvious. You’re not obliged to provide your real name - in fact, I’d prefer it if you didn’t.

I store your email address as a means of communicating with you. Should this be to recover your password automatically, or to inform you of changes to EU privacy laws… What I don’t do is provide your emails to a 3rd party in ANY form. Ever.

Your IP address is stored, which according to the EU is now ‘personal identifiable data’ (ha! - tell that to all the hackers that we couldn’t ban because IPs change so easily)… Anyhow, the system captures your registration IP and your last login IP. Generally for security reasons to stop fake accounts and spam being created. IP addresses are logged.

That’s really about it on identifiable information. Unless you put your mugshot as your avatar. sigh.

Some other buzzwords that are doing the rounds: (what they mean, what they mean to you)

Right to Be Forgotten

Basically, you have the right now to be completely forgotten from a website. Who are you again? Ok ok. That means completely destroying EVERYTHING that we have on you… or more easily: I can Anonymize you - which sounds a lot more Bond-villain-esque. Soooo in a nutshell, upon request, the system would completely remove all personal details from your posts. Your posts would remain - but no one would know it is you that posted. You’d be assigned a random username that you couldn’t log in with.

Equally, your IP address in our logs is also anonymized.

To be completely deleted, you need to contact an admin.

Data Portability

Basically, this means that you can take everything we have on you and have a copy yourself. You can already do this by viewing your info panel and selecting “Download All”.

Explicit Consent to Emails

Ok, this is a more murky area and possibly the main bit that will require some changes. Effectively, I need your consent to contact you by email. That’s fine really - I don’t market stuff to you anyway. But technically, you could be PM’d a message that gets sent to your email - so there is possibly a need for consent to that. Additionally, the server sends weekly digest emails to keep you informed of what has happened on the forum - something that I have disabled until further notice.

Data Security

Whilst it is impossible to provide a fully hardened system that isn’t open to a data breach - I believe our systems to be reasonably secure - with a few additional changes that I’ll be implementing this week. I’ll be organising a data audit too.

Running a simple gaming community has never been so much fucking fun! :smiley:

Any comments or questions? Feel free to ask.


#2

“How would you like him dealt with, sir?”

“…anonymize him”


#3

I request that all of the stupid shit I’ve done and all times I’ve been a nob head to you lot be forgotten!

You’ll end up basically not knowing who I am any more, but I might not feel as guilty for being such a cock so often.


#4

Is that a formal request?

:stuck_out_tongue_winking_eye::mushroom::man_cartwheeling::tophat:


#5

Yep fucking GDPR (had to do a checkup for work to see what we were storing etc). You don’t really have that much personal info on the forum as it is not asking for birthdate etc. I have obviously not used my own name here and as for pictures well… me lifting a pint is not going to make a difference.


#6

GDPR is certainly draining my phone battery these days…getting emails from places I forgot I put my email address into!

GDPR is a big thing for me at work too which is a bit of a PITA!

Just don’t let the EU know what happened to the clown and everything will be fine.


#7

Would you be annoyed if I made a subject access request every couple of weeks? Also I want to be able to take my data you hold, and use data portability over to every new forum I want to join. To make it easier like. Coz I forget my own name and stuff.


#8

Congratulations on your promotion to ZiiP Data Handler Scott :slight_smile:

I’ll set you up an address for people to reach you on.

In regard to the second part - you can already do that. The system allows you to download everything on you already :slight_smile: