• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: FrontEndUsers & EU GDPR
PostPosted: Fri Nov 17, 2017 3:05 pm 
Offline
New Member
New Member

Joined: Tue Oct 04, 2016 8:28 pm
Posts: 6
Hi, we currently use the FEU module. There is no front end registration as the site owners add the FE users manually via the FEU module in the backend.

Is this going to be breaching the new EU General Data Protection Regulationsthat are coming into force in May 2018 since the site owner is entering the user's details into the system meaning there is no chance for the user to confirm they agree to have their data stored?

To give a bit more context; the site owners with backend access are the company owners and the FEU users will be employees and customers.

Because of this I'm considering adding the SelfRegistration module and guiding the site owners into a new way of working where instead of adding people themselves, they instead send them a link to the self registration page. This feels like a round-a-bout way of doing things and adds a bunch of extra steps making the whole thing more hassle for everyone.

Any guidance here would be appreciated :)


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: FrontEndUsers & EU GDPR
PostPosted: Mon Nov 20, 2017 3:41 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Sat Apr 18, 2009 10:09 pm
Posts: 1417
Location: Maidenhead, UK
My (limited) understanding of GDPR consent is that it can be given any way - e.g. verbally ("I'm going to put you on our database as a customer, is that OK?") or in an email etc. So no need to implement self registration if you don't want to as long as you get the consent some way or other.

_________________
To copy System Information to the forum:
https://docs.cmsmadesimple.org/troubles ... nformation

CMS Made Simple Geekmoots attended:
Nottingham, UK 2012 | Ghent, Belgium 2015 | Leicester, UK 2016


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: FrontEndUsers & EU GDPR
PostPosted: Tue Nov 21, 2017 12:09 pm 
Offline
New Member
New Member

Joined: Tue Oct 04, 2016 8:28 pm
Posts: 6
hmmm interesting, your mention of verbal consent gave me an idea which I followed and led to me stumbling upon a much clearer site than the ones I previously read:

https://www.whitecase.com/publications/ ... regulation

It does mention that verbal consent is OK:

"depending on the circumstances, valid consent could be provided verbally, in writing, by ticking a box on a web page"

However that will make this other ruling more difficult to follow:

"The controller must be able to demonstrate consent: the controller must be able to demonstrate that it has obtained valid consent from the affected data subjects"

So that would mean verbal consent is acceptable as long as you record it! Ugh.

Another level to look at is the fact that as the one creating and hosting the system I would be "the controller", not the company owner. They would be "the processor". Apart from running the system I will have no direct contact with their employees which means I'll need something in the system that records their consent.

Grumble, all these new regulations are a right pain in the ass. The more I read into it the more it seems I will have to implement the self registration module. I'm also reading about mysql transparent data encryption as I want to avoid having to encrypt each FEU property individually (using the FEU module's encryption option) so that the site owner can amend user details.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: FrontEndUsers & EU GDPR
PostPosted: Wed Nov 22, 2017 1:54 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Sat Apr 18, 2009 10:09 pm
Posts: 1417
Location: Maidenhead, UK
TannSan wrote:
Grumble, all these new regulations are a right pain in the ass.

Now there's something we can all agree on!

_________________
To copy System Information to the forum:
https://docs.cmsmadesimple.org/troubles ... nformation

CMS Made Simple Geekmoots attended:
Nottingham, UK 2012 | Ghent, Belgium 2015 | Leicester, UK 2016


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC


Who is online

Users browsing this forum: googlebot


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting