Online Community and GDPR - What Now?

Unless you’ve been hiding under a rock, you’ve probably heard of GDPR by now (or at least been barraged by emails notifying you of privacy policy changes from everyone you’ve ever contacted).

Here at Social Strata, our main goal is to give you the tools you can use to comply with new regulations, if they apply to your community. Back in the days of the US COPPA regulation, we provided a mechanism so that you could age-check and obtain parental consent, and with GDPR we’ve followed a similar path. If you have decided that your community needs to be GDPR-compliant, then you should find all of the tools you need within the hoop.la platform.

We initially detailed our approach to GDPR in a March 2018 blog post, and this week we’ve completed the new hoop.la feature set and changes.

For our Enterprise clients, we are also able to sign a Data Processing Agreement. (Email support@socialstrata.com if you have questions about DPAs.)

Hoop.la Platform Changes

In December 2017, we had our “member deactivation” release, which provided a tool so that members could deactivate and/or delete their own accounts.

More recently, the “GDPR Countdown” release added the finishing touches. That included disabling IP address tracking, allowing revocation of agreement to your TOS, profile downloads, member deletion of their own content, and space for consent descriptors for all profile fields.

Recommended Actions for Community Admins

Whether or not GDPR applies to your community, it’s a good idea to practice good data stewardship and keep your members’ privacy foremost in your mind. If you have concerns about GDPR and how it might apply to your organization, you should definitely consult an attorney for individualized advice.

We recommend that all community admins take the time to run through the following considerations:

Does GDPR apply to me?

Here is a reference site with FAQs for small organizations and resource materials: https://ico.org.uk/for-organis...egulation-gdpr-faqs/. Keep in mind that GDPR doesn’t mean you can’t collect data; it means you need a lawful basis for collecting and using it (consent is one such basis, but not the only one), and you need to tell people clearly what you are collecting and why.

Can I trim down the amount of data I’m collecting?

This is a good “data hygiene” practice regardless of regulations. Take a look at the information you’re collecting at registration and in your member profiles, and consider getting rid of any requests for data that you’re not using for a specific purpose.

Go through the new features and enable any that apply.

Take a moment and review the new hoop.la features (see the links above to the detailed feature announcements). For the new profile field descriptors particularly, you will need to add explanatory text to each data field, telling the member why you are asking for that information.

Review your TOS and privacy policy.

Here’s a resource from the regulators, with sample wording and privacy policy guidance: https://ico.org.uk/for-organis...your-privacy-notice/. Be clear, concise, and open about why and how you are using the personal data provided. If you already had a Privacy Shield-compliant policy, you’re already most of the way there.

Add a cookie notice?

Depending on your legal advice, you may want to add a cookie notice to your site to comply with the existing ePrivacy Directive, which requires consent before non-essential cookies (analytics, advertising and the like) are set; strictly necessary cookies such as the login session cookie do not need consent. We supplied some sample wording on how hoop.la itself uses cookies in this blog post: https://www.socialstrata.com/blog/EUcookielaw. You can inject code into the header or footer of hoop.la to display a notice in the typical banner format (and there are third-party code snippets available). Whatever snippet you use, make sure it actually records the visitor’s choice and holds back non-essential scripts until consent is given, rather than only displaying text.
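One way to build such a notice, as an added example that is not hoop.la’s own code nor one of the third-party snippets mentioned above: a small self-contained script that remembers the visitor’s choice in a first-party cookie and loads optional scripts only after a “yes”. The cookie name `cookie_consent`, the 180-day lifetime and the list of optional scripts are assumptions chosen for the example; the parsing and cookie-building functions are kept free of browser APIs so they can be exercised outside a page.

```javascript
// Added example (not hoop.la's own code): a minimal cookie-consent
// snippet suitable for injection into a site header or footer.
// Assumptions: a single yes/no choice is recorded in a first-party cookie
// named "cookie_consent" (assumed name), kept for 180 days (assumed), and
// non-essential scripts are appended to the page only after a "yes".

const CONSENT_COOKIE = 'cookie_consent';
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60; // 180 days, in seconds

// Parse a document.cookie / Cookie-header style string into a name->value map.
// Malformed percent-encoding is tolerated rather than thrown.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const raw = part.slice(idx + 1).trim();
    if (!name) continue;
    try {
      jar[name] = decodeURIComponent(raw);
    } catch (e) {
      jar[name] = raw;
    }
  }
  return jar;
}

// Returns 'yes', 'no', or null when no valid choice has been recorded.
// Anything other than the two expected values is treated as "not asked yet".
function getConsent(cookieString) {
  const v = parseCookies(cookieString)[CONSENT_COOKIE];
  return v === 'yes' || v === 'no' ? v : null;
}

// Build the cookie string that records a choice. SameSite=Lax keeps the
// record out of cross-site requests; Secure keeps it off plain HTTP.
function buildConsentCookie(choice, secure = true) {
  if (choice !== 'yes' && choice !== 'no') {
    throw new Error('choice must be "yes" or "no"');
  }
  const attrs = [
    `${CONSENT_COOKIE}=${choice}`,
    'Path=/',
    `Max-Age=${CONSENT_MAX_AGE}`,
    'SameSite=Lax',
  ];
  if (secure) attrs.push('Secure');
  return attrs.join('; ');
}

// Only optional scripts the visitor agreed to are returned; with "no" or
// no recorded choice nothing optional runs. Strictly necessary cookies
// (e.g. the session cookie) are not gated here because they need no consent.
function scriptsToLoad(cookieString, optionalScripts) {
  return getConsent(cookieString) === 'yes' ? optionalScripts.slice() : [];
}

// Browser glue: append the consented scripts and, if no choice has been
// recorded yet, render a banner with Accept / Decline buttons.
// Guarded so the pure functions above also run outside a browser.
function installBanner(optionalScripts) {
  if (typeof document === 'undefined') return;
  const load = () => {
    for (const src of scriptsToLoad(document.cookie, optionalScripts)) {
      const s = document.createElement('script');
      s.src = src;
      document.body.appendChild(s);
    }
  };
  if (getConsent(document.cookie) !== null) {
    load();
    return;
  }
  const banner = document.createElement('div');
  banner.setAttribute('role', 'dialog');
  banner.textContent = 'This site uses cookies for optional analytics. ';
  for (const choice of ['yes', 'no']) {
    const btn = document.createElement('button');
    btn.textContent = choice === 'yes' ? 'Accept' : 'Decline';
    btn.addEventListener('click', () => {
      const https = location.protocol === 'https:';
      document.cookie = buildConsentCookie(choice, https);
      banner.remove();
      load();
    });
    banner.appendChild(btn);
  }
  document.body.appendChild(banner);
}

// Example wiring (the script URL is an assumption for illustration).
installBanner(['/static/analytics.js']);
```

The important property is that a page load with `cookie_consent=no`, or with no cookie at all, results in an empty script list, so declining (or ignoring the banner) behaves the same as not being asked; only an explicit “yes” turns the optional scripts on.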

Consider using a news flash to alert members to the new features.

We recommend using hoop.la's "news flash" feature to summarize the new features and your own approach to data privacy. Most important for members is the fact that they have the ability to deactivate, delete, and/or download their own data.

If you have any questions about hoop.la's privacy features, please visit our support site and we can assist you.



If you’ve got insomnia, and/or would like to read the legal fine print of the GDPR, here it is: http://eur-lex.europa.eu/legal...uri=CELEX:32016R0679.

Here’s the more user-friendly website: https://ico.org.uk/for-organis...ion-regulation-gdpr/



Featured title image: Photo by pine watt on Unsplash
