FrontEndUsers & EU GDPR

TannSan
New Member
Posts: 6
Joined: Tue Oct 04, 2016 8:28 pm

FrontEndUsers & EU GDPR

Post by TannSan »

Hi, we currently use the FEU module. There is no front end registration as the site owners add the FE users manually via the FEU module in the backend.

Is this going to be breaching the new EU General Data Protection Regulations that are coming into force in May 2018, since the site owner is entering the user's details into the system, meaning there is no chance for the user to confirm they agree to have their data stored?

To give a bit more context: the site owners with backend access are the company owners and the FEU users will be employees and customers.

Because of this I'm considering adding the SelfRegistration module and guiding the site owners into a new way of working where, instead of adding people themselves, they send them a link to the self registration page. This feels like a roundabout way of doing things and adds a bunch of extra steps, making the whole thing more hassle for everyone.

Any guidance here would be appreciated :)
paulbaker
Dev Team Member
Posts: 1465
Joined: Sat Apr 18, 2009 10:09 pm
Location: Maidenhead, UK

Re: FrontEndUsers & EU GDPR

Post by paulbaker »

My (limited) understanding of GDPR consent is that it can be given any way - e.g. verbally ("I'm going to put you on our database as a customer, is that OK?") or in an email etc. So no need to implement self registration if you don't want to as long as you get the consent some way or other.
To copy System Information to the forum:
https://docs.cmsmadesimple.org/troubles ... nformation

CMS Made Simple Geekmoots attended:
Nottingham, UK 2012 | Ghent, Belgium 2015 | Leicester, UK 2016
Re: FrontEndUsers & EU GDPR

Post by TannSan »

Hmmm, interesting. Your mention of verbal consent gave me an idea, which I followed and which led to me stumbling upon a much clearer site than the ones I previously read:

https://www.whitecase.com/publications/ ... regulation

It does mention that verbal consent is OK:

"depending on the circumstances, valid consent could be provided verbally, in writing, by ticking a box on a web page"

However that will make this other ruling more difficult to follow:

"The controller must be able to demonstrate consent: the controller must be able to demonstrate that it has obtained valid consent from the affected data subjects"

So that would mean verbal consent is acceptable as long as you record it! Ugh.

Another level to look at is the fact that as the one creating and hosting the system I would be "the controller", not the company owner. They would be "the processor". Apart from running the system I will have no direct contact with their employees which means I'll need something in the system that records their consent.

Grumble, all these new regulations are a right pain in the ass. The more I read into it the more it seems I will have to implement the self registration module. I'm also reading about MySQL transparent data encryption as I want to avoid having to encrypt each FEU property individually (using the FEU module's encryption option) so that the site owner can amend user details.
Re: FrontEndUsers & EU GDPR

Post by paulbaker »

TannSan wrote: Grumble, all these new regulations are a right pain in the ass.
Now there's something we can all agree on!