GDPR - adding a user database to site
Hello all,
With the impending changes to British law regarding the General Data Protection Regulation, and all its knock-on effects for administrators, I was wondering if anyone has implemented or designed a supercharged database for C5 websites.
What I have in mind is that, as all businesses, charities etc. who trade in the UK (yes, all who trade in the UK from anywhere in the world) have to be fully compliant with the new GDPR laws by 26th May 2018, it might be good to upgrade all my users' information into one database online, and my website is the obvious single choice.
Does anyone use their website to hold lots of fields of information on users, with check-boxes and date-time stamps etc.?
Long shot I know but someone else out there might have already invented that wheel which might save me lots of time and effort.
Thanks.
Fanflame
PS: I have talked to lots of people who do not even know of these law changes and think it will not affect them... but it will affect anyone who trades in the UK or holds information on anyone (individuals, people) who lives in the UK.
GDPR takes effect across the whole of the EU and not just the UK. Realistically it is a global requirement if you work with businesses within the EU.
Do not think too lightly about the upcoming EU GDPR rules; that can cost you income.
Despite being an EU regulation, the GDPR will apply to any site that collects data from EU citizens. This means that if you’re running a website with registration enabled, and some of your users reside in the EU, the GDPR technically applies to you.
You might still be tempted to ignore this legislation if you operate elsewhere, but remember that its main goal is to protect EU citizens. Since non-EU businesses also need to comply with the GDPR, it stands to reason that you could get fined for breaching its rules, no matter where you’re based.
The GDPR can impose several types of penalties. For example, you could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data. These are steep fines. However, the good news is that complying with the GDPR is relatively simple.
What You Need to Do to Comply With the GDPR
The GDPR is a massive piece of legislation, but we can ultimately boil down its contents to the six fundamental rights it grants to users. Here’s what they are and how to comply with each of them:
Breach notification. Under the GDPR, you must inform your users within 72 hours if any breach occurs that might compromise their data.
Right to access. Users have a right to access the information you have about them.
Right to be forgotten. Your users have the right to ask you to delete their accounts and all personal information you have. You may also need to cease sharing that information with third-party services.
Right to portability. Users will be able to request that you forward their records to other ‘controllers’ or services if need be.
Privacy by design. You may be held liable for data breaches if your system isn’t secure by design. In other words, you can be held responsible for failing to take precautions to protect user information.
Data protection officers. If you handle massive amounts of user information or sensitive data, such as criminal records, you’ll need to work with a Data Protection Officer (DPO).
Source and more: http://bit.ly/2IdyxFN
I absolutely agree with how serious this is. Plus with what has happened with Facebook in the past week I think this should be applied globally not just within the EU.
Thanks for all that. I do realise the seriousness of it, which is exactly why I was trying to sort it out now.
Thanks for all the tips.
I realise that GDPR affects everyone. That is why I am taking it seriously and wondered if anyone had a database I could use to enhance the site.
Thanks for the reply.
Lots of discussion about GDPR on Slack. Join the GDPR channel.
Thank you, I will take a look.
You can read up on this summary of what has been collected in the GDPR Slack channel:
https://github.com/cahueya/concrete5-gdpr...
Thanks I will look after Easter.
Fanflame