30-05-2018, 09:24 PM
I received a message from ProBods last week about their updated privacy policy. Does this mean that this forum and others under the pb umbrella are fully GDPR compliant?
GDPR
|
30-05-2018, 09:24 PM
I received a message from ProBods last week about their updated privacy policy. Does this mean that this forum and others under the pb umbrella are fully GDPR compliant?
30-05-2018, 09:37 PM
Proboards privacy policy as operated by this forum is GDPR compliant; however I undersatnd some other forums on the proboards platform do not comply with GDPR in that they have banned some members who are denied the right to contact them to have their data (and posts) erased. I unederstand the maximum fine for this non compliance is 10million euro per offence.
30-05-2018, 10:02 PM
So what would be the procedure (who to contact, how long would it take, how much would it cost etc.) if someone wanted to request details of the personal data held or an Article 17 request?
30-05-2018, 10:20 PM
(30-05-2018, 10:02 PM)guff Wrote: So what would be the procedure (who to contact, how long would it take, how much would it cost etc.) if someone wanted to request details of the personal data held or an Article 17 request?Under the old rules a "data request" could be made and the data controller would have 40, probably working rather than calander, days to respond. It was up to the data controller whether they charged a fee but it was capped at £10. GDPR scrapped the charge but made no other changes with regard to data requests. It also formalised the right to be forgotton, i.e. erasure of all information held about a person. Probaords operates under United States FTC regulations but as it serves european members has to be GDPR compliant and has posted its privacy policy by a link from any page of any forum https://www.proboards.com/privacy, section 12 clearly states they can be contacted through their support forum and provide a further link to that. However indivdual forum administrators are likely to be considered data controllers within the meaning of GDPR as they have access to personal informatiion (email address and IP address for all members and other personal information such as sex, date of birth if the member has provided it) and process it, in that they can use it to deny access. It is likerly that they are in breach of GDPR in that they cannot be contacted by banned members but they retain that persons personal data and posts made on that forum.
30-05-2018, 10:40 PM
For the record I am the data controller on this forum and can be contacted by private message, in the event of a member being banned they willl be sent an email at their registered email address giving them a email address to contact should they wish to make any application under GDPR.
This forum complies with GDPR in general and the proboards privacy policy as stated in the link at the bottom of this, and every, page and any revisions made from time to time.
31-05-2018, 10:46 AM
When I was banned from the independent forum and my account closed in October 2017 there was no communication from the powers that be, therefore as I was unable to PM admin, the mods, or contact ProBoards (partly through my lack of know how). I now find myself in the position where I do not know if my personal data was removed or not and I assume that others who have been expelled are in the same situation. I?m not commenting on the rights or wrongs of individual members being banned, I appreciate that the mods have to ensure that comments are within the law. Nevertheless I respectfully suggest that perhaps, if they had spent less time seeing political incorrectness where there was none intended and they had adopted a less despotic approach, the indy would not now be facing a potentially existential situation, the ?frank? forum may not have been established and several people left with concerns about their personal data.
31-05-2018, 10:57 AM
(31-05-2018, 10:46 AM)yorkshireman Wrote: When I was banned from the independent forum and my account closed in October 2017 there was no communication from the powers that be, therefore as I was unable to PM admin, the mods, or contact ProBoards (partly through my lack of know how). I now find myself in the position where I do not know if my personal data was removed or not and I assume that others who have been expelled are in the same situation.Some of your personal information has been retained in contravention of GDPR as without it they would not be able to ban you. Unless all of your posts have been deleted there is a further breach of GDPR in that they have denied you your right to be forgotten.
31-05-2018, 11:10 AM
(31-05-2018, 10:57 AM)admin Wrote: Some of your personal information has been retained in contravention of GDPR as without it they would not be able to ban you. Unless all of your posts have been deleted there is a further breach of GDPR in that they have denied you your right to be forgotten.So, regardless of any possible future changes, how does anyone unable to communicate with the indy go about correcting this?
31-05-2018, 11:15 AM
If you cannot contact them the statutory authority in the UK that deals with breaches of Data Protection legislation, not just GDPR is the Information Commissioners Office https://ico.org.uk/
31-05-2018, 11:29 AM
(31-05-2018, 11:15 AM)admin Wrote: If you cannot contact them the statutory authority in the UK that deals with breaches of Data Protection legislation, not just GDPR is the Information Commissioners Office https://ico.org.uk/Thanks very much. |