GDPR - New European Privacy and Consent Rules!

Hi Guys, any news about this?
I'm in Italy and I collect data with event-booking and MailChimp plugin from European and non European customer

At the end of the ticket's form, I have the check for Term and Conditions but GDPR needs another check to consent the registration on our mailing list. If you do not consent this checkbox, you can still buy tickets!

Is a first important step toward GDPR.

Hello Tuam,
Any news on the subject?
I know that a time is needed to carry out the programming and modifications to comply with GDPR, but it is urgent for those of us who use eventbooking and we are in the European Union. We need a time to be able to do tests.
If these changes are not contemplated in future updates, we have to look for an alternative.
Thank you very much and greetings
Angeles

This's easy to add, don't worry. So basically, if users check on this second checkbox, they will be added to mailing list? If they don't check, they won't be added to Mailing List?

What newsletter extension you are using?

Tuan

I'm Using Mailchimp
maybe this link is useful kb.mailchimp.com/accounts/management/col...sent-with-gdpr-forms

I'm using Acymailing

For ACYMailing, we might support it out of the box already. See eventbookingdoc.joomservices.com/basic-s...to-join-waiting-list

So basically, you can create a custom field (Checkboxes or Radio) to allow users to choose whether they want to subscribe to your mailing list

If they select Yes, then they will be subscribed. If no, then they won't. Will that work?

Tuan

I have done exactly that.
Added extra field with checkboxes that 1 has to be ticked to process and the choices are

Email
Post
Phone
No Thanks
Graham,

@Graham Maybe you can share your setup by sending us the link to registration form on your site?

@Francesco Did you check the link I provided? Will it solve this GPDR requirement?

@Angeles Sánchez Gómez The same is applied for Mailchimp. Could you please check it as well?

Regards,

Tuan

> It's a copy of a reply to another topic, with added infos. But I think here's the right place for it, too.

The GDPR (General Data Protection Regulation) doesn't forbid the storing of IPs or personal data. If you sell products online, offer contact forms, allow users commenting or to registrate you can store personal data like name, address, ip and so on. But you must inform the user which data are stored in which way and what you will do with this. Please be aware that you ask your customer/user/visitor only for strictly necessary data, another obligatory principle of the GDPR is data minimization.

If you make a "contract" with the user in almost all - not only european - countries the constitutional laws engage you to store personal data and keep it from 3 up to 10 years. In this case the GDPR has no effects.

If you offer event registration (or any other service with registration), whether free of charge or in return for payment, I recommend you the storage of the IP. All other infos by the user can be faked, if he has access to an valid email. Only in combination of the ip and the time stamp you can protect your event booking (or any other service) against fraud. If you know the IP and the time stamp you can identify in case of fraud with the support of the ISP the physical user.

IMPORTANT: TO STORE THE FULL IP IN THE DATABASE AND ONLY NOT TO DISPLAY IN FRONTEND AND BACKEND IS NO ALTERNATIVE FOR ANONYMIZATION. IN THIS CASE YOU MUST INFORM THE USER AS DESCRIBED ABOVE.

A more better solution for all cases of identified and anonymous registration would be to implement a feature that allows you the anonymization of IPs. My suggestion is to do it in this way:

Select, how many bytes of the visitor ip should be masked:
1-byte(s), e.g. 192.168.100.xxx
2-byte(s), e.g. 192.168.xxx.xxx
3-byte(s), e.g. 192.xxx.xxx.xxx

Select, if geolaocation should use masked or full ip:
masked ip
full ip

All other fields can be setup by the extensions in compliance with the GDPR. For example in Germany it is forbidden to make phone input field required.

Best regards,
Jürgen

Some important things:

1. The user has the right of information: If he asks, you must tell him which data about him you have stored
2. The user has the right of correction: If he asks, you must correct his data
3. The user has the right of transfer: If he asks, you must give him his data in a common format
4. The user has the right of deletion: If he asks, you must delete partial or all his data

One exception: If the data are relating to a contract, invoice, offer, active subscription and so on, they are not affected of point 2 (only for the past / existing contracts etc.) and 4.

Be aware of the obligation to keep a procedure index in which you have to document the use of personal data. You must record each use

Best regards,
Jürgen