THE FORUM INFORMATION TOPIC
Posted: February 17th, 2021, 6:10 pm
This locked topic tells you most of what you need to know to get by in the forum.
It contains:
1 THE BASIC FORUM RULES
2 GDPR GUIDANCE AND PRIVACY POLICY
THE RULES
The Rules.
Nice and simple:
1) Respect each other and the band. Play nicely. Try to stay on topic. Posts insulting a member of the band will result in the topic being closed.
2) No selling without payment protection - Ebay and Amazon, etc are ok.
3) The group's (and their families) current addresses are private. No posts re properties that they currently own.
4) Please do not ask the forum to put you in touch with group members, past or present.
5) Don't ask the admin to value records - look on Ebay or Discogs.
6) Enjoy.
GDPR GUIDANCE AND PRIVACY POLICY
PRIVACY POLICY: Apparently, I have to show a privacy statement for my websites...
The privacy policy for the sites that I administer is here
GDPR FOR THIS FORUM:
THE LAWS REGARDING DATA PROTECTION ARE CHANGING.
Your personal data that is used to access this forum is retained in a secure administrative database which is not accessible by anyone, not even the Admin. It will never be shared with anyone else, or be re-used by the forum Admin in any way.
What is personal data?
The key terms
GDPR and other data protection laws rely on the term 'personal data' to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.
What is personal data?
Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.
So, what's sensitive personal data?
GDPR calls sensitive personal data as being in 'special categories' of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.
The Administrator has access to your IP address from your registration, your email address and any other details that you entered on registration (except for your password, which can't ever be seen). However, to be honest, these details are truly really boring and the Admin isn't going to look at them, except to check that you are who you say you are when you register. After registration, your account is only ever accessed if there are access difficulties that need to be resolved, like giving you a new password. Your old or existing password is never visible to the Admin.
Your details are not visible to the masses and cannot be seen by any sneaky means by other members.
Email addresses are always concealed, though you can email via the forum without seeing an actual email address.
The admin can see which IP address you have posted from, but doesn't care and doesn't look.
Your location (your hometown) may be displayed on the forum.
If you disagree with this, you can remove it in your profile settings.
I hope that none of you will find this an issue, as we all like to know where in the world the person we are speaking to lives (but not down to the house number!)
If you have any queries regarding your data, please message me.
I will happily answer any questions that you may have.
THE CHECKLIST
"This checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018."
I will respond to each clause below with a statement on how the point is being addressed.
1 Awareness
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
The Admin has read the guidance and will comply with it as far as his techiness allows.
2 Information you hold
You should document what personal data you hold, where it came from and who you share it with.
You may need to organise an information audit.
This forum holds whatever information members put in their profiles voluntarily.
Members are free to remove any information from their profiles that they wish to.
3 Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
The privacy policy for the sites that I administer is here
4 Individuals’ rights
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
Member data is held securely in a restricted database and the admin cannot pull it up and read it. Nor do I want to. If a member leaves the forum, or is banned, then their account is deleted and all the information is automatically removed from the database.
5 Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
If you wish to know what information is held by the Admin, message me, or just look in your profile settings.
6 Lawful basis for processing personal data.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
Already done.
7 Consent
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
Anyone who access this forum consents to using its facilities to access it.
Personal data, can be removed as the member requires, except for login information.
Passwords are never visible to the admin.
8 Children
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
I don't think there are any children on here, though some of us act that way sometimes.
9 Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
If anyone feels their data is not secure, contact me. Happy to chat.
10 Data Protection by Design and Data
Protection Impact Assessments.
You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
As the registration data on here can't be read by non members and most of it is concealed, we will take it as read this is not going to happen.
11 Data Protection Officers
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
The Data Protection Officer is the Admin.
My role is to keep access locked down to members only and to keep various personal data from being displayed.
12 International
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.
The processing is all done in my back bedroom in Bolton.
There are NO stacks of paper with all of your personal info on them.
I don't have room to swing a cat, never mind store unnecessary stuff.
It contains:
1 THE BASIC FORUM RULES
2 GDPR GUIDANCE AND PRIVACY POLICY
THE RULES
The Rules.
Nice and simple:
1) Respect each other and the band. Play nicely. Try to stay on topic. Posts insulting a member of the band will result in the topic being closed.
2) No selling without payment protection - Ebay and Amazon, etc are ok.
3) The group's (and their families) current addresses are private. No posts re properties that they currently own.
4) Please do not ask the forum to put you in touch with group members, past or present.
5) Don't ask the admin to value records - look on Ebay or Discogs.
6) Enjoy.
GDPR GUIDANCE AND PRIVACY POLICY
PRIVACY POLICY: Apparently, I have to show a privacy statement for my websites...
The privacy policy for the sites that I administer is here
GDPR FOR THIS FORUM:
THE LAWS REGARDING DATA PROTECTION ARE CHANGING.
Your personal data that is used to access this forum is retained in a secure administrative database which is not accessible by anyone, not even the Admin. It will never be shared with anyone else, or be re-used by the forum Admin in any way.
What is personal data?
The key terms
GDPR and other data protection laws rely on the term 'personal data' to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.
What is personal data?
Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.
So, what's sensitive personal data?
GDPR calls sensitive personal data as being in 'special categories' of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.
The Administrator has access to your IP address from your registration, your email address and any other details that you entered on registration (except for your password, which can't ever be seen). However, to be honest, these details are truly really boring and the Admin isn't going to look at them, except to check that you are who you say you are when you register. After registration, your account is only ever accessed if there are access difficulties that need to be resolved, like giving you a new password. Your old or existing password is never visible to the Admin.
Your details are not visible to the masses and cannot be seen by any sneaky means by other members.
Email addresses are always concealed, though you can email via the forum without seeing an actual email address.
The admin can see which IP address you have posted from, but doesn't care and doesn't look.
Your location (your hometown) may be displayed on the forum.
If you disagree with this, you can remove it in your profile settings.
I hope that none of you will find this an issue, as we all like to know where in the world the person we are speaking to lives (but not down to the house number!)
If you have any queries regarding your data, please message me.
I will happily answer any questions that you may have.
THE CHECKLIST
"This checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018."
I will respond to each clause below with a statement on how the point is being addressed.
1 Awareness
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
The Admin has read the guidance and will comply with it as far as his techiness allows.
2 Information you hold
You should document what personal data you hold, where it came from and who you share it with.
You may need to organise an information audit.
This forum holds whatever information members put in their profiles voluntarily.
Members are free to remove any information from their profiles that they wish to.
3 Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
The privacy policy for the sites that I administer is here
4 Individuals’ rights
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
Member data is held securely in a restricted database and the admin cannot pull it up and read it. Nor do I want to. If a member leaves the forum, or is banned, then their account is deleted and all the information is automatically removed from the database.
5 Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
If you wish to know what information is held by the Admin, message me, or just look in your profile settings.
6 Lawful basis for processing personal data.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
Already done.
7 Consent
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
Anyone who access this forum consents to using its facilities to access it.
Personal data, can be removed as the member requires, except for login information.
Passwords are never visible to the admin.
8 Children
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
I don't think there are any children on here, though some of us act that way sometimes.
9 Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
If anyone feels their data is not secure, contact me. Happy to chat.
10 Data Protection by Design and Data
Protection Impact Assessments.
You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
As the registration data on here can't be read by non members and most of it is concealed, we will take it as read this is not going to happen.
11 Data Protection Officers
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
The Data Protection Officer is the Admin.
My role is to keep access locked down to members only and to keep various personal data from being displayed.
12 International
If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.
The processing is all done in my back bedroom in Bolton.
There are NO stacks of paper with all of your personal info on them.
I don't have room to swing a cat, never mind store unnecessary stuff.