The GDPR Countdown Release

 

Today, we rolled out a major update for Hoop.la that finishes off the last of our GDPR-related feature additions.  GDPR regulations become enforceable on May 25, 2018.  Whether you are subject to GDPR regulations or not, we highly recommend that all community sites consider adopting the GDPR-specific features that we have been adding.

1. Disable IP Tracking

Super admins can now disable all user IP tracking in Hoop.la. When enabled, the system will no longer collect/store IP addresses for users. That also means, of course, that you will not be able to search for users based on their IP addresses, nor perform any other IP-related features.

Note that when you disable IP tracking, you also agree to remove all previously collected IP address information.

You'll find this new setting in the Member Settings control panel.

2. Allow Members to Revoke Agreement to Your TOS

One of the requirements of GDPR is that you allow your registered members to revoke their agreement to your terms anytime.  Hoop.la now supports this in the Registration Settings control panel.

revoke-tos-agreement

If a member revokes agreement to your terms of service, we treat them like deactivated members. They will not be deleted and they come back and re-activate later.

3. Allow Members To Download All Profile Information

GDPR also requires that users be allowed to download their personal data at anytime.  Hoop.la now supports this on the member's "Update Profile" page. 

Screenshot 2018-05-21 14.03.23

4. Allow Members To Delete All Of Their Content

We previously added support for allowing users to delete their own accounts.  Now, we have enhanced that option by allowing users to optionally delete all of the content they posted, when they decide to delete their accounts.

In Member Settings, if you enable the option to allow members to delete their own accounts, you will now see a sub-option to allow them to delete their content at the same time.

Screenshot 2018-05-21 14.07.04

5. Optional Descriptions Per Profile Field

Another element of GDPR is to explain to users why you are collected information from them. To support that, we have added support for optional descriptions for all profile fields (including custom profile fields). This way, you can clarify the reason for collecting each profile element, if you like.

As usual, there were other minor big fixes and improvements in this release.  

If you have any questions or comments, please let us know on our support site.

Attachments

Photos (3)

Add Comment

Comments (5)

Newest · Oldest · Popular

My best recommendation would be to consult a lawyer about what your GDPR requirements are. If you are not doing business in the EU or directly marketing to users in the EU, you may not need to comply.

You also might consider your specific workflow. If these users are doing direct business with you, you could make it clear in your separate onboarding / contracting process that their personal information will need to be used in your internal system (Hoop.la) as a contingency of being a customer.

We can't give you legal advice, but these are a couple of angles to consider, anyway!

Hi Brian, I understand what you're saying. We're in a different situation than most of your clients, I believe.  Our community is 100% business related; all members are paying clients and they engage us to provide jurisdiction-specific regulatory information. Members cannot join our community on their own - they have to execute a contract for our services first, which includes agreeing to our terms of use of the community. Our members are chief compliance officers of (highly regulated) investment firms, and we verify all kinds of information about them before agreeing to work with them - keeping their location a secret is just not possible in this business.  I recognize this is different than how Hoop.la is used by others, and that you need to tailor your services to the majority of your customers rather than the one-offs like us.

 

Hi @MHK@CS2, there's currently no way to set permissions up or use recipes as you've described. I'm not a lawyer, but I'm not even sure that approach would work from a GDPR perspective. You would technically need to identify members by first collecting some information about them in order to determine whether to give them the "GDPR treatment" or not. I'm not sure that would pass muster. It's definitely an interesting idea, so you could always suggest it separately in the support section of our site!

Hi Ted,

I'm guessing this is not possible, but it would be great if we could use Circles to apply the GDPR settings only to members to whom it applies.  As it stands, we're telling clients in Europe that they will have to drop membership if they want these features, because we are not willing to enable these restrictions for everyone when less than 1% of our clients are in Europe.  If we had the ability to have a Europe Circle, and only enable this for them, that would be ideal.

Thanks,

Mary

×
×
×
×