With the recent General Data Protection Regulation (GDPR) updates, we thought it a good time to go over Privacy and your SocialEngine Community. This article will go over the “why,” “what,” and “how” regarding what’s on everyone’s mind these days – user data privacy.
What is the GDPR?
In layman’s terms, the GDPR was enacted to ensure that data from European individuals is protected and only used in accordance with their express permission. The law has a broad scope, covering any data from anyone within the European member states, and fines of up to $20,000,000 can be assessed for non-compliance.
What Can I do for Privacy?
In SocialEngine PHP, you can modify the Terms of Service and Privacy Policy by following this tutorial. We suggest making it required to agree to these by enabling the setting shown in this tutorial.
What your policy must contain depends on your location, so you may need to seek legal advice. We’ll give some general tips here:
- List the types of personal information you store, why you store it, where you store it, who you share it with, the source of information and how long you store it.
- Give information for how the user can delete their data, how they can download their data, how they can edit their data, and how to unsubscribe from newsletters or site mail.
- If using anything that collects data such as Google analytics or other website statistic software, disclose that and provide links to those privacy policies.
- If sending data to 3rd parties, disclose that information and give users a chance to opt out of such data sharing.
- Post steps you’ll take in case of a data breach.
Things to Avoid
Users today are very aware of their rights regarding their data. They are also very skittish about sharing their personal data, as seen with the recent Cambridge Analytica scandal. Here are a few things you should avoid:
- Selling user data without express permission. These days, it’s best just to avoid doing this at all.
- Storing user data in zip files on your server. For SocialEngine PHP clients, this is something that should absolutely be avoided. Never store your backups on your server in any publicly accessible location. We suggest using an external backup service or backup system.
- Only give out server access if absolutely necessary. If using SocialEngine support, it’s safe to give that information, as our staff have signed NDAs. If using third-party developers, it’s best to get an NDA up front and find out what their processes are regarding user data.
- Only give admin panel access to trusted individuals. For SocialEngine Cloud and SocialEngine PHP, you have the ability to appoint people as Admins who can access the admin panel. This allows them to view user data. Always know who you are allowing access to this area, and change the user group for those individuals once they no longer need access.
- Be very careful of the ads you put on your site. Some ads can and do contain malicious code. Use trusted sources for your ads. Otherwise, you could have a data breach if a hacker gains access through that malicious code.
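As an added example (not SocialEngine’s own code), here is a small shell audit that lists backup archives and database dumps left inside a web root, where the web server would serve them to anyone who guesses the file name. The web root path and the extension list are assumptions; the demo directory it builds is constructed for illustration.

```shell
#!/bin/sh
# Added example, not SocialEngine code: audit a web root for backup archives and
# database dumps that a web server would serve to anyone who guesses the name.
# Assumption: the public web root is passed as the first argument; the extension
# list below is our own and can be extended.

find_exposed_backups() {
  webroot="$1"
  find "$webroot" -type f \( -iname '*.zip' -o -iname '*.tar' -o -iname '*.tgz' \
       -o -iname '*.gz' -o -iname '*.7z' -o -iname '*.rar' -o -iname '*.sql' \
       -o -iname '*.bak' \) 2>/dev/null
}

# Number of suspect files; suitable for a cron job that alerts when non-zero.
count_exposed_backups() {
  find_exposed_backups "$1" | wc -l | tr -d ' '
}

# Constructed demo web root: one legitimate file and two stray backups.
make_demo_root() {
  root=$(mktemp -d)
  mkdir -p "$root/uploads"
  : > "$root/index.php"
  : > "$root/uploads/site-backup.zip"
  : > "$root/db_dump.sql"
  printf '%s\n' "$root"
}

if [ -n "$1" ]; then
  # Real use: ./audit.sh /path/to/your/web/root
  find_exposed_backups "$1"
else
  demo=$(make_demo_root)
  find_exposed_backups "$demo"
  echo "exposed files: $(count_exposed_backups "$demo")"
  rm -rf "$demo"
fi
```

Any file it lists should be moved off the server entirely, not merely renamed, since guessing renamed backups is routine for attackers.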
Are there Tools to Help?
- If processing data from anyone in European member states, this checklist can help you be in compliance with the GDPR rules.
- Here’s a great tutorial for various methods you can use for better privacy protections and conformance.
- Get an SSL certificate for your website so that traffic between your users and your site is encrypted. You can use the free Let’s Encrypt or purchase one for your SocialEngine PHP site. For SocialEngine Cloud, you can use Cloudflare’s free SSL.
We hope this article is helpful. If you have questions or would like to request more articles, please feel free to post at our community!
“The Internet is becoming the town square for the global village of tomorrow.” ~ Bill Gates