Forumbee and GDPR
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens’ data.
At Forumbee we provide features and processes to fulfill GDPR obligations and maintain our transparency about how we process data.
Here is an overview of GDPR and how we are meeting its requirements at Forumbee:
What is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which governs the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of an any person in the EU, GDPR will apply to you whether you are based in the EU or not.
What Forumbee is doing
We are making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations, and to assist our clients to do likewise is an integral part of how we operate on a daily basis. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data.
Here are the main areas we have addressed to ensure we and our clients are ready to meet GDPR obligations:
We built new features
Our teams built the necessary features to enable our clients to easily meet their GDPR obligations.
You can edit the Terms and Privacy Policies for your community or link to the policies on your main website. For more information see How to Customize Community Policies.
When relying on consent as your legal basis for processing, the GDPR says the consent you obtain must be freely given, specific, informed, and unambiguous. You also must clearly explain how you plan to use their personal data. We’ve updated the member signup process to help you stay compliant with this law. You can enable a checkbox for opt-in consent and edit the message to explain how and why you are using data. For more information see How to Collect Member Consent.
To comply with community member's request for a copy of their data, a new function has been added to the Administration console. Go to Admin > Users, locate the user and expand their details. Under Data Privacy select Export User Data.
Right to Erasure (Right to be Forgotten)
To comply with community member's request to be deleted/forgotten, you can fully delete the member and all of their data. This function can be accessed directly from the Administration console. See this article for steps to delete a user.
Forumbee Data Processing Agreement (DPA)
Strong data protection commitments are a key part of GDPR requirements. Our data processing agreement shares our privacy commitments and sets out the terms for Forumbee and our clients to meet GDPR requirements. This is available for clients to sign upon request.
We have assessed our sub-processors for GDPR-compliance and established data processing agreements with them.
Feel free to contact us if you have any questions about GDPR - we’d be happy to answer any questions you may have.