Matt

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

If you've already got a Wordpress website, and have recently added an Invision Community, you might want to show recent posts or topics right on your Wordpress site.
You might think this involves complex programming and custom themes, but thanks to some Pages magic, it's a very simple task that you can do in under 5 minutes.
This very short video walks you through the process.
If you'd prefer a written step by step, then head over to our help guides.
As you can see, the whole process is very quick and very easy. Adding the latest topics on your site is a great way to drive discussion into your Invision Community.
Let us know if you have any questions!

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

We're thrilled to announce that Invision Community 4.3 is available to download now.
After months of development, over 2500 separate code commits and quite a few mugs of coffee you can now get your hands on the final release.

You can download the final release from your client area.
If you need a recap of what was added, take a look at our product updates blog which takes you through the highlights. These include:
 
We'd love to know what you think, let us know below.

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!

The General Data Protection Regulation (GDPR) is a regulation (EU 2016/679) that is intended to strengthen and unify data protection for EU residents from 25th May 2018.
How can Invision Community help?
While Invision Community enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, then we recommend that you research your responsibilities.
We have introduced several new tools in Invision Community 4.2.7 to help you with compliance, and we'll run through them and the relevant sections of the regulation in this blog.
Individual Rights (More information)
Right to be informed
Invision Community has an area for you to edit your own privacy policy. This is found in the Admin CP > Settings > Terms & Privacy Policy.

 
Guidance on what the policy should contain can be found here.
Right to erasure (More information)
Invision Community allows you to delete a member from the Admin CP. If the member has left posts or comments on your community, you can elect to delete the content, or keep it but remove the author's details thereby making the content anonymous.
Lawful bases for processing (More information)
Consent (More information)
Invision Community now features a setting to not automatically opt in to administrator emails such as those sent by the bulk email system often used for newsletters when registering a new account on your community.
This feature is found in the ACP > Members > Registration Settings

 
Part of the consent regulation is to record when consent was given. The consent to opt-in for administrator emails such as bulk emails sent via the Admin CP is recorded at registration, and each time they change the setting. This record can be found in the member history log when viewing a member in the Admin CP.

If you change the Terms & Conditions, or the Privacy Policy, you can request that members accept these changes when they next log in thus giving their consent for those changes.

Cookies (More information)
Invision Community stores a small amount of data in cookies. These are used to authorize you when you re-visit a community. Other cookies are used to provide a service at the user's request, such as changing a theme or using Commerce's cart.
We have added additional features for Invision Community 4.2.7 to permit acknolwedgement that cookies will be set, and a brief page outlining the types of cookies that are set.
Invision Community has a feature that shows a small message to new visitors to the community. This is found in the Admin CP > Terms & Privacy Policy page.

 
We have pre-configured a cookie acknowledgement message using the short-tags {cookies}.
This will display as follows:

 
This links to a new page showing brief information about the types of cookies that Invision Community stores.

 
Although at the time of writing this blog entry, the regulation states that there is no exact information that you need to show on the cookie page, you can edit it to add more detail if you wish.
Summary
We hope these new tools available with Invision Community 4.2.7 make it easier for you to seek compliance with GDPR if you choose to do so.
It's worth pointing out that we are awesome at making community software and know a huge amount about making communities successful, but we are not experts in EU regulation. We offer this blog entry as a way to assist you in seeking compliance but you must do your own research and are responsible for your own community.
Invision Community 4.2.7 is currently in beta testing. We're aiming to release it early next week.
We hope this is a good starting point for you!