EU General Data Protection Regulations

[wickham]

EU General Data Protection Regulations have to be complied with by 25th May 2018 - until we leave the EU, I suppose!

https://en.wikipedia.org/wiki/General_D ... Regulation

These apply to almost any method of holding or displaying personal information, like paper or online data. It's recommended that data is stored under password or encrypted, or locked away if on paper.

I have a village website where I show contact details for club members and I want those to be available to any member of the public. I don't want my website to be for members only subject to password login. Will I be contravening the regulations?

Similarly I am a committee member of a local archive that is part of a charity and we have thousands of documents on shelves available for public view. We obviously can't encrypt or password protect these, and at present they aren't locked away. Is that a problem?

It's also recommended that personal data should be stored on two databases, one with an anonymous ID and the other with personal details, (both encrypted, optional) and linked by password protected authority. This would apply to forums that I administer, but phpBB like most forums only has one database.

There aren't many exceptions but the few exceptions include totally personal use like your email address file, military use, etc.

Comments please.

[Alaric]

Comments please.

The Government has been extremely quiet on what monster of compliance red tape it has unleashed on the public. These days almost every phone has a database of contacts and other "personal" information. Whilst allegedly individuals are exempt, the position as to what happens when they are also acting as part of a small organisation remains ill-defined.

At least one solution is to ignore it and challenge Government or its representatives to take action. Particularly as that is or can be spun as an EU activity, the chances of success against public opinion may be dubious. It's highish risk, but isn't it a blow for the individual against the all powerful State and the impositions it will make?

[tjh290633]

I hold a number of lists of members of organisations.

On looking at the guidance on the gov.uk website, I found that under "Exemptions" I could answer "No" to at least one of the flow chart questions. It follows, therefore, that there is no need to register or pay a fee.

Safeguarding of information is another matter.

TJH

[PinkDalek]

EU General Data Protection Regulations have to be complied with by 25th May 2018 ...

Does this thread at Legal Issues (Practical) assist?:

viewtopic.php?f=2&t=9943&hilit=gdpr

It commences I have just formed a small club. To date I have about 100 members...

[wickham]

Does this thread at Legal Issues (Practical) assist?:

Not exactly. It doesn't really deal with a village information website where personal details are on display publicly, like a telephone directory.

[UncleEbenezer]

IANAL. My advice is worth what you paid for it, or probably less.

I have a village website where I show contact details for club members and I want those to be available to any member of the public. I don't want my website to be for members only subject to password login. Will I be contravening the regulations?

I think that one looks clear: you would indeed come under the regulations and need to obtain explicit consent from all whose details are displayed. And that's not just red tape: it could come back to bite you if someone uses your information to help commit a crime (e.g. fraud, identity theft, personal harassment).

Similarly I am a committee member of a local archive that is part of a charity and we have thousands of documents on shelves available for public view. We obviously can't encrypt or password protect these, and at present they aren't locked away. Is that a problem?

Does that contain personal details concerning living people? If yes, how useful a resource might it be for a criminal seeking to abuse the data? It might be a grey area, with the shade of grey determined by that kind of question.

It's also recommended that personal data should be stored on two databases, one with an anonymous ID and the other with personal details, (both encrypted, optional) and linked by password protected authority. This would apply to forums that I administer, but phpBB like most forums only has one database.

That's purely a practical issue, and I'd be surprised if GDPR materially changes anything from the old Data Protection Act. I expect LemonFool would reveal all they know about your or my real identity if ordered to do so by a court, but should keep them secure against unauthorised access.

That may have been a strong reason the old Fool boards shut down. Whereas PHPBB's private message facility works with our public aliases, TMF's facility would reveal much more of a Fool's identity. They were perhaps *always* on thin ice with that, and at ever-increasing risk as awareness grew.

[UncleEbenezer]

sorry, posted to wrong thread just now. Deleting substance of off-topic post