If a member can't log in, check here.
Quick guides to how to post images, videos, etc.
User avatar
Site Admin
Posts: 5578
Joined: May 29th, 2013, 10:14 pm
Location: Splendid isolation


Post by admin »

THE LAWS REGARDING DATA PROTECTION ARE CHANGING. Your personal data that is used to access this forum is retained in a secure administrative database which is not accessible by anyone.

It will never be shared with anyone else, or be re-used by the forum Admin in any way.

What is personal data?

The key terms
GDPR and other data protection laws rely on the term 'personal data' to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.

What is personal data?
Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.

So, what's sensitive personal data?
GDPR calls sensitive personal data as being in 'special categories' of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.

The Administrator has access to your IP address from your registration, your email address and any other details that you entered on registration (except for your password, which can't ever be seen). However, to be honest, these details are truly really boring and he isn't going to look at them, except to check that you are who you say you are when you register. After registration, your account is only ever accessed if there are access difficulties that need to be resolved.

Your details are not visible to the masses and cannot be seen by any sneaky means by other members. Email addresses are always concealed, though you can email via the forum without seeing an actual email address.

The admin can see which IP address you have posted from, but doesn't care and doesn't look.

Your location may be displayed on the forum.
If you disagree with this, you can remove it in your profile settings.
I hope that none of you will find this an issue, as we all like to know where in the world the person we are speaking to lives (but not down to the house number!)

If you have any queries regarding your data, please message me. I will happily answer any questions that you may have.


"This checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018."

I will respond to each clause below with a statement on how the point is being addressed.

1 Awareness
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.

The Admin has read the guidance and will comply with it as far as his techiness allows.

2 Information you hold
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.

This forum holds whatever information members put in their profiles voluntarily. Members are free to remove any information from their profiles that they wish to.

3 Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.

The privacy policy for the sites that I administer is here

4 Individuals’ rights
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

Member data is held securely in a restricted database and the admin cannot pull it up and read it. Nor do I want to. If a member leaves the forum, or is banned, then their account is deleted and all the information is automatically removed from the database.

5 Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

If you wish to know what information is held by the Admin, message me, or just look in your profile settings.

6 Lawful basis for processing personal data You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

Already done.

7 Consent
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

Anyone who access this forum consents to using its facilities to access.
Personal data, can be removed as the member requires, except for login information.
Passwords are never visible to the admin.

8 Children
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

I don't think there are any children on here, though some of us act that way sometimes.

9 Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

If anyone feels their data is not secure, contact me.

10 Data Protection by Design and Data
Protection Impact Assessments - You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.

As the registration data on here can't be read by non members and most of it is concealed, we will take it as read this is not going to happen.

11 Data Protection Officers
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.

The Data Protection Officer is the Admin. My role is to keep access locked down to members only and to keep various personal data from being displayed.

12 International
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

The processing is all done in my back bedroom in Bolton.

Loveable rogue
Loveable rogue
Posts: 2547
Joined: May 30th, 2013, 11:39 am
Location: Central Victoria, Australia


Post by steveclassic »

Good to know. Thanks for the reassurance!

(Not that I have anything remotely worth stealing)