My GDPR

Intro

The following information concerns this site (daveiw.co.uk) and what I am doing towards GDPR compliance.

I'm not going to waffle on about what GDPR is; by now it should be common knowledge what it is and what it means for pretty much every website that an EU citizen is likely to come into contact with. This page is about what I'm doing to this website to make it GDPR compliant, to the extent that the GDPR currently exists.

Please keep in mind that this is a work in progress and not legal advice (I am not a lawyer); should you need help, get in touch with your legal team.

This page will be updated as I progress, so please keep checking back if you are interested.

9 Weeks to go.

Updated 2018-03-16

Changes

  • GDPR Memberships activated
    • These replace existing membership levels
      • Expire after 6 months; users are asked to renew every 6 months, otherwise it is treated as withdrawing consent and the account is deleted.
  • User Notifications of GDPR
    • This week I notified both Subscribers and Suppliers of changes to the membership regarding GDPR, outlining the change and requesting that they switch.

14 Weeks to go.

Updated 2018-02-11

Changes

  • Age Restrictions
    • Users are now prompted to confirm whether or not they are 16 or over when entering personal information:
      • GDPR Data Requests
        • Due to requesting an email address.
      • Request For Quotes
        • Due to requesting an email address.
      • When Registering
        • Due to requesting personal information.

15 Weeks to go.

Updated 2018-02-05

Changes

  • GDPR Request personal data link in the email is now working.
    • Shows:
      • Comment Date.
      • Author Email.
      • Author Name.
      • Comment Content.
      • Post ID.
      • The option to select each comment for deletion.
    • You are now able to send a "Delete Request" for those comments selected.
    • You are now able to download your comments as a CSV file.
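As an added illustration (not the site's own code), here is how the comment export for a data request could be built: scoped strictly to the address that completed the emailed verification link, and with cells that a spreadsheet would read as formulas neutralised, since comment content is user-supplied. The sample comments, field names and function names are constructed for this example.

```python
import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class Comment:
    # The five fields the data-request page shows for each comment
    comment_date: str
    author_email: str
    author_name: str
    content: str
    post_id: int


# Constructed sample data for this example; not taken from the site.
SAMPLE_COMMENTS = [
    Comment("2018-01-12 09:14:00", "alice@example.com", "Alice", "Nice post!", 42),
    Comment("2018-01-13 18:02:11", "bob@example.com", "Bob", "=1+1", 42),
    Comment("2018-02-01 07:45:30", "alice@example.com", "Alice", "+1, agree", 57),
]

FIELDS = ["comment_date", "author_email", "author_name", "content", "post_id"]


def neutralise_cell(value):
    """Prefix a cell that spreadsheet software would execute as a formula."""
    s = str(value)
    if s and s[0] in ("=", "+", "-", "@", "\t", "\r"):
        return "'" + s
    return s


def comments_for_subject(comments, verified_email):
    """Return only comments belonging to the verified requester."""
    email = verified_email.strip().lower()
    return [c for c in comments if c.author_email.lower() == email]


def export_csv(comments, verified_email):
    """Build the CSV download for one data subject (header plus rows)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(FIELDS)
    for c in comments_for_subject(comments, verified_email):
        writer.writerow([neutralise_cell(getattr(c, f)) for f in FIELDS])
    return buf.getvalue()


def parse_export(text):
    """Read an export back into rows, e.g. to check what a user would receive."""
    return list(csv.reader(io.StringIO(text)))
```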

16 Weeks to go.

Updated 2018-01-30

Changes

  • GDPR page created to sit alongside Terms of Service
    • Lists what data is collected
    • Lists how the data is used
    • Advised how to cancel account
    • Lists data retention
  • GDPR Request personal data form created. (GDPR – Request personal data)
    • This collects the instruction for a data request from the user
    • Logs the date and email for auditing and compliance purposes
    • This can be found under "Account"

30 Weeks to go.

Updated 2017-10-24

EU Cookie notice

  • The EU Cookie notice will be replaced by GDPR, but the notice will remain.

Retention

  • Now, this is an interesting one, as it concerns not only historical log files but also backup and recovery. I had to make sure I knew the limits and expiry dates.
  • I also had to decide what period of inactivity counts as a stagnant account, after which the data will be dropped automatically even if the user has not requested it.

Documentation

  • I've started creating replacement policies
    • Listing All data collected, why and how to request data or have it removed.
  • I've started creating replacement pages:
    • Sign up
    • Membership Level Selection

Users

  • I'm planning how to roll out GDPR to my users.
    • Issue an email to everyone to signup to a new GDPR membership level (when it comes online)
      • On 25/05/2018, those users not signed up will be deleted, along with any of their data.
        • Periodically remove stagnant accounts by default.

Changes

31 Weeks to go.

Updated 2017-10-19

Write Everything Down

  • When this journey of information started, I made a point of writing everything down and asking myself the questions:
    • Why do I need it?
    • What is it used for?

Data

  • I started off looking at what information is stored in a user's profile; this bit was easy.
  • What was asked during signup?
  • Followed by what is recorded when they browse and post comments, such as the IP address.
  • I then moved on to Google Analytics: what data does that gobble up?
  • I then took a trip over to my service provider to read up on what they are doing for GDPR and how their GDPR work and my own were progressing.

Forms

  • I looked at what forms are on my site, then at whether or not I actually needed them, and where necessary started removing them, including the plugins behind them.

Searching

  • The generic search box in the site's header has been removed.
  • A new search menu item has been added to link to a GDPR ready search page. [completed]

EU Cookie notice

  • The EU Cookie notice will be replaced by GDPR.

Plugins

  • With the forms pushing me in the right direction, I started thinning out site plugins, removing those that:
    • Are no longer needed
    • Collected duplicate information
  • I also started looking at plugins that could assist me with GDPR data requests.

Sharing

  • To prevent the issue of retaining non-member data, I removed the sharing of posts and comments by users throughout the site. [completed]

Email Subscriptions

  • I also updated signup boxes for RFQs and Weekly blog updates: [completed]
    • What is collected
    • Why
    • How long

Retention

  • Now, this is an interesting one, as it concerns not only historical log files but also backup and recovery. I had to make sure I knew the limits and expiry dates.
  • I also had to decide what period of inactivity counts as a stagnant account, after which the data will be dropped automatically even if the user has not requested it.

Documentation

  • I've started creating replacement policies
    • Listing All data collected, why and how to request data or have it removed.
  • I've started creating replacement pages:
    • Sign up
    • Membership Level Selection

Users

  • I'm planning how to roll out GDPR to my users.
    • Issue an email to everyone to signup to a new GDPR membership level (when it comes online)
      • On 25/05/2018, those users not signed up will be deleted, along with any of their data.
        • Periodically remove stagnant accounts by default.

Changes

  • Non-Required plugins removed.
  • Draft GDPR signup pages created.
  • Draft GDPR Policies created.
  • GDPR Change in progress notification posted. (this page).
  • Updated RFQ email request form on RFQs page.
  • Updated RFQ & Weekly email request on Email subscription page.
  • Header Search form removed
  • New Search menu item added to point to GDPR ready Search page.
  • Account page updated with GDPR references.