Jump to content

How Invision Community's tools can help with GDPR compliance

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.

How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.

We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.

Individual Rights (More information)

Right to be informed

Quote
  • The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice.
  • It emphasises the need for transparency over how you use personal data.

Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

Terms1.thumb.png.7136680cc811e89ae2f3fe8728bb026c.png

 

Guidance on what the policy should contain can be found here.

Right to erasure (More information)

Quote

The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.

Lawful bases for processing (More information)

Consent (More information)

Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.

This feature is found in the ACP > Members > Registration Settings

Consent1.thumb.png.f5b39ebfdad19effddfab8a75b90f897.png

 

Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

consent3.thumb.png.2f6b7a13aa8fe0dcc788d9ce7e9d2bb5.png

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Consent2.thumb.png.7f21b2d7c6b0b68632e01bd0d8095d11.png

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.

We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.

Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

cookies1.thumb.png.d1869dd65cd8dd2f6c5881c7adf95e76.png

 

We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.

This will display as follows:

Cookies2.thumb.png.490c6165a3cbd9e4f170c0c94e647c80.png

 

This links to a new page showing brief information about the types of cookies that Invision Community stores.

Cookies3.thumb.png.2dc45d23cac873db9b7d040d41427580.png

 

Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.

Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.

It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.

Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.

We hope this is a good starting point for you!

Edited by Matt


×
×
  • Create New...