GDPR eligibility

matteocontrini

[deleted] ok, but the articles mentioned in that page are part of the regulation, and article 2 says that the whole regulation doesn't apply to personal activities.

[deleted]

matteocontrini But you still need an opt-out mechanism for any mailing list, plus at least legitimate interest - you cannot rely on implied consent.

jordanjay29

[deleted] matteocontrini I split you guys out of the extension discussion, feel free to continue this one here.

matteocontrini

[deleted] if there's a law that requires you to do that, I agree with you. But if GDPR doesn't apply to a particular community because it's managed by a natural person, it's definitely not GDPR that requires you do that.

This Regulation does not apply to the processing of personal data:
[...]
by a natural person in the course of a purely personal or household activity;
[...]

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=IT#d1e1404-1-1

jordanjay29 thanks!

[deleted]

matteocontrini correct, but if you have residents from the EU using your forum, and you hold even just an email address, you are bound by GDPR. Your site should also have a privacy and cookie policy and you also should not be sending users emails without their consent.

The only way you could potentially avoid GDPR is to block access from the whole of Europe which of course isn't feasible at all

matteocontrini

[deleted] again, if your website is held by "a natural person in the course of a purely personal or household activity", you're not.

I don't know how to put it in other ways 😅

[deleted]

matteocontrini that information is both outdated and ambiguous. Unless you are masking IP addresses that access your forum and doing the same with Google Analytics (if applicable) then you're in scope.

Good luck

matteocontrini

[deleted] that's the official text of the General Data Protection Regulation, as published by the official journal of the EU. It's the text of the law that's in effect right now, and it clearly says when the regulation applies and when it does not.

[deleted]

matteocontrini I'm aware of that. My comment still stands.