
Discussing General Data Protection Regulation (GDPR)

Discussion in 'Web Development & Web Performance' started by eva2000, Apr 14, 2018.

  1. Revenge

    Revenge Active Member

    408
    85
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +302
    Local Time:
    11:20 PM
    1.9.x
    10.1.x
    Portugal here and I received the cookie notice.
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yup so you should as it's part of continent = Europe :)
     
  3. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    12:20 AM
    In reply to: Forum Privacy Policy Added

    Showing a banner with cookie information is not enough.
    You need to ask visitors' permission (opt-in) for ad/tracking cookies, to be able to meet the GDPR regulations.

    It is a lot of hassle. It seems so easy but takes a lot of time.
    In short, again if it is not necessary. Don't do it.

    First seek out if a private forum with a private person from Australia should comply with GDPR regulations.
     
  4. eva2000

    eva2000 Administrator Staff Member

    yeah that's the next step I am working on as the cookie code does support opt-in cookies
    one step at a time :)

    who knows for small forum that is non-EU based, displaying a cookie notice pop up might be just enough to keep EU lawmakers off our backs heh
     
  5. Jon Snow

    Jon Snow Active Member

    374
    60
    28
    Jun 30, 2017
    Ratings:
    +90
    Local Time:
    7:20 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    If you used Google Adsense, they forced you to have this a very long time ago because of EU's cookie policy.
     
  6. bassie

    bassie Active Member

    Sure. And if lawmakers are gonna whine.
    Migrate the forum to Australia.

    As the forum is located on Sucuri's systems right now with location Frankfurt for EU visitors, they can grow difficult. After all, you serve EU visitors from an EU system.

    You have my blessing in any case.
     
  7. eva2000

    eva2000 Administrator Staff Member

    hmmm Whois is dead as Europe hands DNS overlord ICANN its arse

     
  8. Jon Snow

    Jon Snow Active Member

    And here I thought they were making it a requirement for online businesses to display their whois info and not buy whoisguard protection or similar to protect their public details.

    I'm happy they're going to stop displaying our personal info publicly. Then again I pay 99 cents to protect my stuff.
     
  9. eva2000

    eva2000 Administrator Staff Member

    Same, I use whois privacy too. So I can see how GDPR forcing whois to be private by default would be nice. Though the other side of the coin is about fraud, and tracking down bad sites etc. through whois records would be made a lot harder?
     
  10. wmtech

    wmtech Member

    67
    17
    8
    Jul 22, 2017
    Ratings:
    +41
    Local Time:
    12:20 AM
    As I have heard only whois data regarding private persons won't be available any more to the general public. Domains and network data registered to companies or other legal entities will still be available.
     
  11. eva2000

    eva2000 Administrator Staff Member

    Ah, more clarification on the record keeping aspect of GDPR: GDPR Guide - Getting started - Privacy & Cookie Policy Generator | iubenda

    maybe some insight as to what size of an organisation they're generally targeting >250 employees ?

     
  12. eva2000

    eva2000 Administrator Staff Member

    Iubenda has a cookie law solution for GDPR too which allows disabling cookies via configuration: What is the difference between the Privacy and Cookie Policy Generator and the Cookie Solution? - Cookie solution - Privacy & Cookie Policy Generator | iubenda

    Examples of how to disable cookies for common services and 3rd parties with Iubenda's full cookie solution: Cookie Law Solution: preventing code execution that could install cookies - iubenda cookie law solution - Privacy Policy Generator | iubenda

     
  13. eva2000

    eva2000 Administrator Staff Member

    But not sure I like how it turns out on visitor access, all site content is almost hidden at the top with just the pop up notice on the test page I set up at https://community.centminmod.com/iubenda/index.html - haven't set up cookie exclusions though, that's just basic code I am testing.
     
  14. eva2000

    eva2000 Administrator Staff Member

    Hmm, just came to mind, what happens if EU visitors use a non-EU VPN service with a non-EU IP address? Does GDPR apply if the site cannot accurately determine if the visitor is in fact an EU originating user? I guess it doesn't apply.

    Or if an EU user has incorrect geo IP location data on their IP address?

    Or if a non-EU user uses an EU based and advertised VPN service/IP address?
     
  15. eva2000

    eva2000 Administrator Staff Member

    Dummies guide: What is General Data Protections Regulation (GDPR)? - dummies :)

     
  16. eva2000

    eva2000 Administrator Staff Member

    The Beginner’s Guide To General Data Protection Regulation (GDPR)

     
  17. eva2000

    eva2000 Administrator Staff Member

    More info: The Beginner’s Guide To The GDPR | AdProfs
    hmm more specific
    well we are truly not alone though - estimated 80% of companies won't be GDPR compliant come May 25, 2018
    Are you backing up your data ?
    web hosts GDPR compliant
    Which means even if you yourself have covered all the GDPR compliance requirements at your end, if the web host you use isn't GDPR compliant, then you wouldn't be fully GDPR compliant anyway! That's a lot of work to be 100% GDPR compliant, for some folks that would also mean moving web hosts to a GDPR compliant one!

    The same would apply to your email provider, dns provider, mailing list provider etc etc.
     
  18. Revenge

    Revenge Active Member

    I think the best way is to implement the new requirements to everyone.

    In the States' Congress, where Zuckerberg was there to answer questions about the Cambridge Analytica scandal and users' privacy, someone asked him if Facebook will also apply the good measures of GDPR to United States citizens, and he said yes, they are working on it.
     
  19. eva2000

    eva2000 Administrator Staff Member

    Yeah true I can see in the years to come it would probably be baked into all services and product offerings i.e. forum and cms software would have to be developed with privacy first measures out of the box. It's the transition phase that is the painful part.

    Probably the first 12 months after May 25, 2018 will be hardest given that estimated 80% of companies won't be GDPR compliant ! Though I guess everyone is just leaving it to the last moment as the law was passed back in May 2016 so you had a good 2yrs of preparing for it.

    Edit: actually makes sense of the high rate of non-compliance with GDPR as every part of a business' operations would need to be GDPR compliant - including their 3rd party email, dns, web hosting, backup service providers as well. That also means the accounting/financial/legal firms used by companies would need to be GDPR compliant too. Means it only needs one link in an organisation's chain to be non-GDPR compliant for that to effectively mean you and any link in that chain is also non-GDPR compliant? i.e. if your web host uses a 3rd party backup provider and that backup provider's accounting firm isn't GDPR compliant, then the web host's client is not GDPR compliant either??? No idea how EU will enforce GDPR at that kind of scale!

    Edit 2: going further down the rabbit hole, what about public spam, bad bot and blacklists which post identifying info including username, email, name, ip, geolocation data? They would most likely be not compliant with GDPR. But that means any and all services or scripts which utilise such databases to query or pass on (export) that personal info would also not be GDPR compliant!
     
  20. eva2000

    eva2000 Administrator Staff Member

    Facebook sneaky buggers http://www.news.com.au/technology/o...s/news-story/c9de4680aeb13e3f57a8ec3bdc4e6bc9

     