Are we GDPR compliant? I'm getting a ton of e-mails from all sorts of websites I've used over the years - some of which I'd forgotten I'd given my e-mail address to. It just occurred to me that this account has a certain amount of data about people too. Do we need to check whether people are happy about that?
(There's no warning regarding cookies, so I guess this site doesn't use them...)
From Tech Radar:
"The main points of GDPR concern the privacy rights of everyday users and the data they create online, and will affect businesses of all sizes due to their effect on how companies gather, store, and look after their data.
"Under GDPR, companies will also need to give explicit notice when collecting the personal data of their customers. This will mean that consent will need to be explicitly given, and that companies will have to detail the exact purpose for which customers' data will be used.
"This personal data will also need to be encrypted by default as part of a process known as pseudonymization, meaning that it can't be linked to a specific person without being accompanied by extra information.
"Personal data applies to a wide range of information – effectively anything that could be used to directly or indirectly identify a person online. This could include names, email addresses, images, bank details, posts on social networking websites, medical information, or even a computer IP address.
"Users will also have the right to know exactly what details a company or organization holds about them, and also request that any of this information be deleted if they feel their rights to privacy are being infringed as part of the new 'right to erasure'."
Thanks @advocatux - I just didn't want us falling foul of the EU regs. That'd never do!
Well, we eventually will need some "what data do we store?" for the forum and the homepage. Already working on that.