GDPR Frequently Asked Questions

The GDPR (General Data Protection Regulation) is now in effect.
If you are a member or user of BISF House.com, you are a member or user of a non-commercial community forum.

Below we have provided some general answers to questions that you may have about GDPR.

Please understand that we are not lawyers and the GDPR is a set of new laws that have not yet been fully interpreted or tested by the courts. There may still be some ambiguity relating to legal interpretation and, as such, it may be better to consult a legally qualified solicitor.

Q: I know nothing about GDPR, where should I start?

A: There is quite a lot of information available about GDPR online. GDPR is a new European law relating to personal data handling. The good news is that the majority of non-commercial community forums do not contain a lot of users' personal data. The way in which this personal data is used or processed is pretty straightforward within basic non-commercial community forums.

Q: What kind of personal data would be recorded by the BISF House non-commercial community forum?

A: The data collected and processed will include basic data such as the user's name and email address that were provided and shared at the time of first registration. Also included is the user's IP address. Some community forums ask for additional information to be added to the member's profile page, which is considered ‘sensitive’ data. BISF House.com does not require or request this type of information.

Q: What do I need to do to make my community forum compliant with the GDPR?

A: In general, the GDPR makes the following key demands upon certain websites, with particular emphasis upon commercial websites and companies operating in, or serving, the European Union:

Not all of the GDPR legislation is applicable to our website. (BISF House.com)

Consent: Explicit consent from the user is required, and the request should clearly outline how you are going to use their personal data.
For example, if you are handing over or selling your community members' details in the form of lists to marketing companies for use in advertising campaigns, you should let your users know as much detail about this as possible.

Right to be forgotten (right to erasure): If someone asks that you delete their personal data, in most cases, you’ll need to comply. (More on this in the next question below.)

Right to Access: If someone asks us what personal data we hold on them, we will openly provide an answer, further explaining what we hold, how and why we use it, and, where possible and legally required, provide a copy of that data, provided that we can be 100% sure that they are the account holder. You may need to answer a number of questions that we may pose to prove your identity.

Data portability: The GDPR says that certain websites will need to provide users with a copy of their personal data upon request, in a format that is machine readable and which could be imported into another platform.
We already have the ability to fulfill this type of request, subject to ascertaining and confirming the user's identity.

Data security: Certain websites have an obligation to make sure reasonable efforts are made to keep all data secure.
Basic security measures, including making sure our community forum is served over HTTPS and that data is stored and transferred securely, are already in place on BISF House.com, despite our forum not strictly falling under the GDPR legislation.

Q: Is user generated content (UGC) on BISF House.com classed as personal data, and is User Generated Content subject to GDPR rules regarding data portability and erasure?

A: User Generated Content that does not contain Personally Identifiable Information is not subject to the GDPR legislation.

Q: What happens if a member asks us to delete all of their posted content and those posts are considered to contain important non-personally identifiable information likely to benefit the community?

A: Provided that the User Generated Content, such as forum posts or comments, is stripped of the user's identifying information (for example, the username and photograph of the member), we are not required to remove the remaining content, provided it does not contain user-identifiable information.
If the post or post content does contain identifiable information of the person requesting removal, then we will take all necessary steps to remove the identifiable portion(s) of the content. The remaining content will be attributed to a pseudonymous username. We would also remove identifiable information about you that may have been posted by another user or member.

Your user profile allows you to personally control some of your personal information already.
In certain circumstances we may delete or remove all of your non-identifiable content, even though we are not required to do so under GDPR legislation. We will treat each such request on a case-by-case basis.

Q: How long can the BISF House forum keep a member's personal data?

A: The GDPR says we should keep personal data no longer than is necessary for the purpose for which it was obtained. It would therefore be considered reasonable for the data to be kept indefinitely, as a community forum is not subjected to time limitations and the information is used for non-commercial, educational and historical purposes only.

Q: Does BISF House have to re-opt in all community members?

A: No. Community members are not required to re-confirm their registration to the community.
The GDPR is prompting some companies to undertake a re-opt-in for their email marketing lists to ensure that they have explicit consent. Even then, re-confirming email lists is only required if proper consent was not obtained at the time the emails were obtained. In any case, consent can be reconfirmed when a member returns to the community.

Q: Does the GDPR require users to consent to the use of Cookies? How do forums use cookies?

A: On some websites, you sometimes see a notification pop-up asking people to consent to the use of cookies.
This relates to a separate EU cookie law.
The law states that a website must obtain consent if it is using cookies to collect and store ‘non-essential’ information, such as info that is used for targeting advertising.
By default, the cookies used by forum software are the ‘essential’ kind that are used to keep people logged in, track analytics and so on, and consent for using this type of cookie is not required.
With respect to GDPR, certain cookies do contain small amounts of information that could be used to identify an individual person. These are treated by us as personal information, and we inform you which cookies do this on a separate page.

Q: What will BISF House do if I send a GDPR request relating to my personal information?

A: Our policy in this case is to contact you as soon as possible. We would then attempt to validate your identity to ensure that you are legally who you say you are and confirm it is you who has made the request. We would then confirm what information you would like us to remove. We would then confirm what data we hold and what can be deleted. We would also inform you of what data we are legally entitled to retain. BISF House will always try to go above and beyond what is required under the GDPR laws and we will be happy to assist you in any way we can. There may also be instances when we will agree to delete certain data even though we are not legally bound or required to do so.

Additional Reading

EU GDPR Website: https://www.eugdpr.org/

Wikipedia: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

GDPR: data portability is a false promise: https://medium.com/mydata/gdpr-data-portability-is-a-false-promise-af460d35a629

Cookies Consent Under the GDPR: https://eugdprcompliant.com/cookies-consent-gdpr/

GDPR on Quora: https://www.quora.com/topic/General-Data-Protection-Regulation-GDPR