
GDPR compliance - 25 May 18

Status
Not open for further replies.

anthony

Founder
What is the GDPR?

The GDPR is a European Union (EU) regulation that has been designed to protect the data and privacy of EU residents. It strengthens and replaces existing data protection acts/directives and becomes enforceable from 25th May 2018. The primary aim is to give control to EU residents over their personal data and unify regulation within the EU.

MyPTSD already complies with the new standards; however, with the upgrade we are going to do it better and make it easier for members to control their personal information.

What is Personal Information?

Personal information is identifiable information (an identifiable marker to clearly say it is you), such as email, DOB, real name, address, phone, and so forth. MyPTSD does not control what a member shares, thus we are not responsible. We already remove public personal information by default, purely for security on behalf of members. We do disable accounts on request, but do not delete accounts, for acceptable reasons, in compliance with the existing and new standards.

What We Must Meet for EU Residents
  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

The New Upgrade

Regardless of how we do it now, the upgrade will have better features so members can access their personal information directly, and perform account tasks, without our intervention. Such features will include:
  • Self account deactivation
  • Profile data sheet of all personal information stored at MyPTSD
  • Forced, permanent recording, of consent to legal and privacy policies
  • Forced, permanent recording, of consent to cookie acceptance

Right to Erasure

Before anyone claims that we MUST erase all your personally identifiable information, or posts -- don't. It is untrue. See: Guide to the General Data Protection Regulation (GDPR)

We have rights to maintain certain data, which is what we do right now, in order to provide a working service / website to members of the public without risking your personal information in that processing. Such data may be IPs for a period of time to ensure malicious use does not occur, deleting accounts entirely where it breaks every link which causes MyPTSD undue consequence in search engine results (we can anonymise usernames), etc.

We do these things now on request. We allow members to change their usernames to anonymise themselves within reason.

Google

GDPR also impacts Google Analytics data stored on a member, which does not apply to MyPTSD, as we stopped using external analytics systems around six months ago from writing this. We found Google was getting way too pushy in their data collection and storage, thus removed them.

Conclusion

Really, nothing will change. We are going to do it better though with the new upgrade to give members more ease in which to feel their privacy is being respected and controllable by themselves, without admin intervention.
 