The Best GDPR Resources (NOT Generic Overview Articles)

Forum Moderators: webwork

Message Too Old, No Replies

The Best GDPR Resources (NOT Generic Overview Articles)

Please use this thread to provide links to particularly help GDPR resources

Webwork

4:49 pm on Aug 30, 2018 (gmt 0)

Here's an interesting collection of Privacy Policy "disclosures" - "~proposed" snippets of disclosure language - stating how the WordPress "core" collects and/or stores personal information.

Read the snippets, compare them to your privacy policy's disclosures and then ask yourself: "How well do I REALLY understand the niceties and nuances of the GDPR? Have I made the requisite disclosures in order to be in compliance?"

[github.com ]

There is no easy path through the GDPR minefield.

So, what else you got?

Webwork

5:05 pm on Aug 30, 2018 (gmt 0)

Flickr's (Yahoo = Oath.com) extensive country specific / localized (translated) list of privacy policies.

Due to the presumed expertise of Oath's legal counsel it's likely a useful starting point if you want to localize / translate a version of your own TCU / PP.

[policies.yahoo.com ]

Leosghost

5:10 pm on Aug 30, 2018 (gmt 0)

The EU GDPR legislation official site..choose your preferred language..download the legislation, read it, it is easy to comply with it..
[eur-lex.europa.eu...]

A useful guide from the UK official body tasked with the GDPR in English..explaining "consent".
[ico.org.uk...]

Further information from the ICO, the UK official body tasked with the GDPR in English..explaining "lawful basis processing data" consent".
[ico.org.uk...]

Interactive tool by the ICO..
[ico.org.uk...]

ICO guide to GDPR..
[ico.org.uk...]

Leosghost

5:29 pm on Aug 30, 2018 (gmt 0)

Re Oath..
In the privacy policy in English ( UK ) from the line ( header ) which reads..
"How we share this information"
the privacy policy is not GDPR compliant ..

Due to the presumed expertise of Oath's legal counsel it's likely a useful starting point if you want to localize / translate a version of your own TCU / PP.

is not a safe presumption to make..if one follows their example , one is not GDPR compliant..
Why ? they make "consent" contingent upon using their services, that is not acceptable under GDPR legislation ..
"consent must not be forced "
I'm in the EU, I just visited flickr..( before typing this sentence, having read the Oath "privacy" pages in both English and again French )
There was no GDPR notice ( "accept" or "do not accept" ) served to me on landing with scripts blocked..
There was no GDPR notice ( "accept or do not accept" ) even when I allowed javascript from flickr..

So..flickr ( run by Oath ) is not GDPR compliant.

Nowhere does Oath say inj it's privacy pages, what they do if you do not "consent"..
if you click "sign up" at flickr you are sent to a yahoo "sign up page"
it has no GDPR ( "accept" or "do not accept" notice ) or if you prefer , it has no GDPR "consent or do not consent notice"..
Thus it is not GDPR compliant..