simpatic prezentat, clar si la obiect
As far as I understand, the website owner can, under certain circumstances, forego the permission from the user for, say, using Google Analytics, but the user has to be able to turn it off. It is also OK to store access logs for legitimate use (like reporting illegal activity to the police; as far as I know).
we kind of knew you weren’t a lawyer when we were able to understand what was written
I’m guessing you have no other information about your users (accounts, data they entered and such). That’s when it gets complicated. Yours will do for a simple site where everyone is a visitor.
You are correct, I am not storing user information of any sort, and I am anonymizing the IP address of the user when sending it to GA. I was very careful about that.
Creating accounts itself is not a problem as long as users can also delete it when they want (and you can somehow ensure that a backup restore will not bring back their account). The GDPR has the word “reasonable” in a lot of places, so you would (in my read) not be required to go in by hand and redact all their forum posts for personal information as that is not “reasonable”. For other things, like newsletters, you need to get consent of course.
I found that the local government GDPR info sites are very unhelpful, instead I would recommend reading the actual law instead: http://eur-lex.europa.eu/legal-content/RO/TXT/HTML/?uri=CELEX:32016R0679&from=en
It is fairly readable and I was able to work through it in a couple of hours. If you are small enough to not have legal council, you are probably going to be OK if you adhere to the principles of it. (At least that’s what I’m counting on, but if I get a huge fine from the government, I’ll let you know. )
I hope this helps.
As @AdrianBasalic said, we figured you are not a lawyer, its that the GDPR has been quite the topic of discussion lately and you had a pretty concise and easy to understand take on it. I plan on adding to this topic with any other similar pages in the future. Thanks for stopping by
Thanks for having me.
You can find some good guidelines from a national DP authority here: https://www.cnil.fr/en/media
Decizia unei instanțe germane în legătură cu stocarea ip-urilor https://legalup.ro/interes-legitim-de-stoca-ip-urile/