cb25
Posts: 3,528 
Likes: 2,668
|
Post by cb25 on Apr 24, 2018 16:45:21 GMT
Given we've all registered our names, DOBs and email addresses, I'm guessing the Forum is registered with the Information Commissioner's Office (aka data protection registrar). If that's true, what if any impact will GDPR have ?
|
|
bigfoot12
Member of DD Central
Posts: 1,817
Likes: 816
|
Post by bigfoot12 on Apr 24, 2018 16:58:18 GMT
I think that we all registered on a US website and so I suspect that GDPR has no impact.
|
|
stub8535
Member of DD Central
personal opinions only. Not qualified to advise on investment products.
Posts: 1,447
Likes: 945
|
Post by stub8535 on Apr 24, 2018 17:04:33 GMT
I think that we all registered on a US website and so I suspect that GDPR has no impact. At least we are not registered on a European domiciled website that is forcing users to choose to move the privacy rights to California or close their accounts, including connected ones, like a very massive "book" that's in your "face" and it's subsidiaries. Always read the terms and conditions before pressing accept.
|
|
|
|
Post by jevans4949 on May 2, 2018 0:08:41 GMT
AIUI, GDPR applies to any organisation providing a service to people in any EU state, even if they are based elsewhere.
However, Data Protection rules apply to the ability to identify a living person. Since we only have an email in our profiles (only made-up username required, no address or phone number, and DOB doesn't require year) would it apply to this forum?
EDIT: in fact I can't see that email forms part of the profile - or am I wrong?
|
|
|
|
Post by mrclondon on May 2, 2018 0:24:03 GMT
As already noted it is proboards who process (in the USA) the user info used to register for any proboards forum. Also as noted very few people use their actual name, or actual dob when signing up to social media sites, and in any case the only info visible to forum administrators on user profiles are day/month of dob and email address. However setting aside that technicality, the pdf attached to ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/guide-to-the-data-protection-fee/has several interesting bits that differ significantly from the current DPA regime. Of particular relevance are sections 7 & 9: 7. Are you a not-for-profit organisation? A specific exemption applies to bodies or associations that are not established or conducted for profit. However, the exemption applies only if: * you are only processing data for the purposes of establishing or maintaining membership or support for a body or association not established or conducted for profit, or providing or administering activities for individuals who are members of the body or association or have regular contact with it * you only hold information about individuals whose data you need to process for this exempt purpose * the personal data you process is restricted to personal information that is necessary for this exempt purpose If yes to all – a data protection fee is not due 9 Penalties You are breaking the law if, as a controller, you process personal data, or are responsible for the processing of personal data, for any of the non-exempt purposes and you have either: * not paid a fee, or * not paid the correct fee. The maximum penalty is a £4,350 fine (150% of the top tier fee.) |
|
