General Data Protection Regulation (GDPR, resp. DSGVO) - planned features?

Started by on Jul 26, 2017 – Contents updated: Dec 30, 2017

Jul 26, 2017 22:07

Hello,

on 25th of May 2018 I - like others who e.g. own a b2e blog/forum etc. - have to fulfill the GDPR. Two of the relevant principles are: Portability and Delivering Information about stored private data.
In case a member of the community asks for all her personal data stored, I should be able to deliver the information within a short time. I have to by GDPR. Now it would be great to have a feature that extracts all member-related data, printed in a structured form and - in case the information is extensive - also zipped. GDPR demands full information. To do this manually would be very time intensive, esp. if there are several requests.

If a member wants to quit she has the right to take away all her stored data, also all published posts or drafts. To answer such requests a feature would be great - because all who live in the EU have to execute such requests. Also in these cases a feature (analogous to those mentioned above) would be great.

The ability to act according to GDPR is necessary to protect oneself from high penalties.

In hope
Will

PS: I am sorry that I can not contribute such features. I am a user, not a developer. But I can join a group who tries to cope with the challenges of GDPR.

Jul 27, 2017 09:17

I thought the cookie consent was annoying, and now we have this :(

This regulation goes a bit far from just data export features, so making b2evolution fully compliant would require a huge effort.

There is a lot of documentation on this subject. These documents summarize the key points of the regulation:

Also a checklist for organization compliance:

I would like to find a pure technical compliance checklist. If you find more info about it, please share.

Thank you.

Jul 27, 2017 09:40

@fplanque @mgsolipa - GDPR and EU-Privacy (that is planned to go live also on May 25th 2018) cause huge efforts and work to stay safe. I'll keep my eyes on this and share if I find a technical compliance checklist. (I fear that at first only approximate lists will come up. The practice (also in cases of legal proceedings) will show the real far-reaching consequences.)
@mgsolipa thanks for sharing the links

Jul 27, 2017 10:02

Before a technical list it's important to find a legal scope of exactly who is required to provide the info. It may not apply to every individual blogger.

Reminder: 90% of the sites that display an "EU cookie consent" warning are not actually required to do so. Session/login cookies do not need to be disclaimed.

Jul 27, 2017 10:53

@fplanque attached you'll find the last proposal to the EU Policy Regulation - There will be some minor adaptations to business demands, but in its core it will stay this way. The proposal contains background information and further insights into what is included by this regulation.

The cookie banner will probably no longer be needed in future, because e.g. browsers will - according to the principle of Privacy by Design - block all cookies by default and the user has to activate each one she accepts. But as you pointed out, session cookies will not be affected. Third-party cookies will stay in focus and some plugins in b2e may use additional cookies (YouTube, Facebook … ). But cookie consent is only a part of the regulations.

Every blog/ forum owner who e.g. allows registration faces the challenges of these regulations.

Offering b2e as compatible with GDPR and EU-Privacy (2018) could really become a USP (All have to, but those who come up with it first will take it. Many others will hesitantly adapt to the regulation only after some collisions that will force this.)


Nov 08, 2017 10:45

Hello @mgsolipa and @fplanque,

I want to ask again about GDPR and the ways b2evolution will deliver processes to handle it accordingly.

Greetings, Will

Dec 06, 2017 20:26

Hello @fplanque ,
I posted under support what is really a challenge for GDPR:
http://forums.b2evolution.net/hello-username-salutation-in-mailing-to-a-comment

On the website http://fokus.genba.org I try to inform clients about GDPR - so it was not really amusing to get feedback that the software I am using is not GDPR compatible. Until the 25th of May next year this is embarrassing, but from then on this can result in really high penalties.

So please tell me whether b2e will become compatible with GDPR by default at the latest by 25th May 2017 or not. I have to protect my interests.

Dec 23, 2017 10:00

@saunders we have been talking a bit about this subject on twitter, but I think it is worth moving it to a public discussion here.

Thank you.

Dec 23, 2017 14:21

@mgsolipa you're right. We should shift our conversation from twitter to the forum.
But, as suggested, GDPR should gain a separate meta category, with different categories like:

  • (fund set for) non-compliant existing features to GDPR,
  • common support to GDPR and EU Privacy challenges on b2e

to get a clear structure.

In your last tweet you mentioned that GDPR only affects enterprises or communities with 250+ employees. That is not correct. All (except exclusively private) activities in which personal data are processed are subject to GDPR. The number of 250+ refers to Article 30 only, "records of processing activities". Enterprises with fewer than 250 employees are not forced (under certain circumstances) to have records of processing (see: https://www.privacy-regulation.eu/en/article-30-records-of-processing-activities-GDPR.htm)

So every small business using b2evolution, every society or organized community, every organization has to be compliant with GDPR no later than 25th of May 2018. There is no doubt about it.

The risk of using a non-GDPR-conformant b2evolution is not only a user's risk. Each user can take recourse against b2evolution for every breach of the law caused by the software itself (not by the way it is used). In an earlier support ticket (still waiting for a reply) I mentioned one case that could bring trouble to b2evolution.

I am on board to support b2evolution in getting compliant with GDPR. But we should face it now.

Dec 29, 2017 01:48

I'm not sure what you mean exactly but I think I need to refer you to the user license at the very top:

b2evolution is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Also to give you a clear answer:

So please tell me whether b2e will become compatible with GDPR by default at the latest by 25th May 2017 or not.

We will probably not be 100% ready. As will be the case for 99% of the software at this date. The law is insanely complex. Even the EU knows that. Maybe Microsoft will have something that passes as compliant at that date.

The regulation is really badly written and painful to read. I am still waiting for someone to write a clear summary for our use case.

We will make reasonable efforts to facilitate compliance and have an honest solution by May.

In the meantime do you think we should detect users from the EU and display an overlay like "The European Union has decided you can no longer use this site after May 25th unless we hire 3 lawyers and 5 developers to be compliant with their latest regulations. The estimated compliance budget is 250.000 €. Donate here." ?

Dec 29, 2017 01:59

I created a GDPR sub forum as per your suggestion.

Please add feature requests for what b2evolution needs to do so you can be compliant.