GDPR compliance is not “that easy”

  • I run a few websites on a Multisite network that use 4/5 VFB forms and it was tremendously important to have the possibility to not save entries in the DB. I’ve read some topics here about this subject and seems that not everyone is really aware of what the GPDR will bring. Also and this is my case not all forms are contact forms, probably there are more cases like mine that ask for more sensitive information and so the recommendation given “We recommend to our EU customers that they include a required checkbox on their form that states the user opts in to your site approving submission, storage, and usage of their data. If you wish to remove their information after you are finished with it, then you can delete the entries at your convenience.” isn’t enough. And has I cannot give up from VBF that easy because that would compromise my work I will have to delete site by site, form by form, everyday the entries. I’m just leaving this topic here to let you know that that is not a sustainable solution for all cases for GDPR compliance. Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hello jcpcosta,

    if your form entries/messages are not stored in a database, I suppose you get them by mail. What are you doing then with that mails?

    Best regards
    Matthias

    Thread Starter jcpcosta

    (@jcpcosta)

    Hi Matthias.

    I saw your intervention around here. I hope your question has an altruistic reason ??

    Well it depends. The email is received by a comercial team and what happens next will depend on if the user that filled a form will become a client with a contract or not. Me as part of another team that manages the BO I do not have any purpose (that’s different than interest) of keeping that data.

    Hi,

    just this evening I had a long phone with my hosting person about the DSGVO as we call it in Germany. The main point of the new regularies is not that the regularies concerns getting data, it is said that you have to document where and how the received data are stored and more important the security of this data. So some things are not allowed to store, may be, like keeping dates of birth, which are not always necessary to run a business. But as far as I know there will be no differnce if you get it by Mail, as a form entry including database storage or even a physical letter. In every case you have to document the storage, the security of that process and must be able to provide the client with all the data you ever collected.

    So following my hoster, it is not a technical problem.

    If I am wrong, please let me know it.

    Thread Starter jcpcosta

    (@jcpcosta)

    Hi again.
    I believe you can store everything if you have the user permission, if the user knows exactly the purpose for that storage, for how long will the data be stored, etc etc etc. The website is only a gateway for the data to enter but then that data will be stored and managed in another platform, in a different context, by different people that can and will meet the informed purpose for collecting the data. So, the team that manages the websites’ BO doesn’t need to have access to that info.
    Perhaps in your experience you are the only person who runs and have access to user data..?

    >> I believe you can store everything if you have the user permission
    isn’t it the case that a customer agrees to any keeping or storing wherever this will be of the data he entered by his own decision?

    My forms are applications or requests to be informed about something. I do not know you are using the form for. If it is only an information to you personally, then it must not be stored of course.

    Actually I am alone but I think this makes no differece to the necessary process about what happens with the received data. The obligation to document your process of the data storage stays the same I think.

    Best regards
    Matthias

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GDPR compliance is not “that easy”’ is closed to new replies.