GDPR Compliance (European General Data Protection Regulation)
panarisko2022-03-26 02:49
1) in Admin Menu -> System Settings -> Security
Cookie Consent Expires: Remove the 2 years option. According to GDPR it must be 1 year max.
2) in Registration page https://www.yioop.com/register?a=createAccount
Add a checkbox for accepting the terms
3) in Suggest A URL page https://www.yioop.com/suggest
Add a checkbox for accepting the terms
4) Users must have the option to access, transfer and/or delete all their personal data.
You can add the following A and B in Account Details page or add a new menu item in Admin Menu, under Account Home that will point to a new page where users will be able to:
A) Download a copy of their data.
B) Delete their account.
5) Cookies bar: Users should be able to accept the use of cookies, revoke their consent, refuse the use of cookies, and also be able to select which cookies they want.
Example of a valid cookies bar: https://www.cookiebot.com/en/
6) If you store users data in a datacenter, ask for a Data processing agreement. It is needed for any vendor who possesses personal data collected by the website (for example: Datacenters, Web hosting companies, dropbox, Amazon aws, Google cloud, etc.).
7) Once you have done all the above, In Terms page https://www.yioop.com/terms#Privacy%20and%20Copyright%20Policies
somewhere under the Privacy and Copyright Policies section, add the following:
This website complies with the General Data Protection Regulation (GDPR, EU 2016/679).
The GDPR creates new rights for individuals and strengthens some of the rights under Directive 95/46 / EC.
The processing of personal data should take place in a lawful, fair and transparent manner.
The collection of personal data should only be for defined, explicit and legitimate purposes.
The collection of personal data should be adequate, relevant and limited to what is necessary.
Personal data should be accurate and, where necessary, up-to-date.
Personal data that are inaccurate having regard to the purposes for which they are processed, deleted or corrected.
Personal data should be kept in a format that allows the data subject to be identified only for as long as is necessary for the purposes for which the personal data are processed.
Personal data will be kept confidential and stored securely.
Personal data will not be shared with third parties except when it is necessary to offer services on a contractual basis.
Data subjects will have the right to require access to and correction or deletion of personal data, or a limitation of processing, or a protest to the processing as well as the right of portability.
Steps to reproduce:
References:
https://gdpr.eu/
https://gdpr.eu/compliance-checklist-us-companies/
1) in Admin Menu -> System Settings -> Security Cookie Consent Expires: Remove the 2 years option. According to GDPR it must be 1 year max.
2) in Registration page https://www.yioop.com/register?a=createAccount Add a checkbox for accepting the terms
3) in Suggest A URL page https://www.yioop.com/suggest Add a checkbox for accepting the terms
4) Users must have the option to access, transfer and/or delete all their personal data. You can add the following A and B in Account Details page or add a new menu item in Admin Menu, under Account Home that will point to a new page where users will be able to: A) Download a copy of their data. B) Delete their account.
5) Cookies bar: Users should be able to accept the use of cookies, revoke their consent, refuse the use of cookies, and also be able to select which cookies they want. Example of a valid cookies bar: https://www.cookiebot.com/en/
6) If you store users data in a datacenter, ask for a Data processing agreement. It is needed for any vendor who possesses personal data collected by the website (for example: Datacenters, Web hosting companies, dropbox, Amazon aws, Google cloud, etc.).
7) Once you have done all the above, In Terms page https://www.yioop.com/terms#Privacy%20and%20Copyright%20Policies somewhere under the Privacy and Copyright Policies section, add the following:
This website complies with the General Data Protection Regulation (GDPR, EU 2016/679). The GDPR creates new rights for individuals and strengthens some of the rights under Directive 95/46 / EC. The processing of personal data should take place in a lawful, fair and transparent manner. The collection of personal data should only be for defined, explicit and legitimate purposes. The collection of personal data should be adequate, relevant and limited to what is necessary. Personal data should be accurate and, where necessary, up-to-date. Personal data that are inaccurate having regard to the purposes for which they are processed, deleted or corrected. Personal data should be kept in a format that allows the data subject to be identified only for as long as is necessary for the purposes for which the personal data are processed. Personal data will be kept confidential and stored securely. Personal data will not be shared with third parties except when it is necessary to offer services on a contractual basis. Data subjects will have the right to require access to and correction or deletion of personal data, or a limitation of processing, or a protest to the processing as well as the right of portability.
Steps to reproduce: References: https://gdpr.eu/ https://gdpr.eu/compliance-checklist-us-companies/