Here at Social Strata, our main goal is to give you the tools you can use to comply with new regulations, if they apply to your community. Back in the days of the US COPPA regulation, we provided a mechanism so that you could age-check and obtain parental consent, and with GDPR we’ve followed a similar path. If you have decided that your community needs to be GDPR-compliant, then you should find all of the tools you need within the hoop.la platform.
We initially detailed our approach to GDPR in a March 2018 blog post, and this week we’ve completed the new Hoop.la feature set and changes.
For our Enterprise clients, we are also able to sign a Data Processing Agreement. (Email firstname.lastname@example.org if you have questions about DPAs.)
Hoop.la Platform Changes
In December 2017, we had our “member deactivation” release, which provided a tool so that members could deactivate and/or delete their own accounts.
More recently, the “GDPR Countdown” release added the finishing touches. That included disabling IP address tracking, allowing revocation of agreement to your TOS, profile downloads, member deletion of their own content, and space for consent descriptors for all profile fields.
Recommended Actions for Community Admins
Whether or not GDPR applies to your community, it’s a good idea to practice good data stewardship and keep your members’ privacy foremost in your mind. If you have concerns about GDPR and how it might apply to your organization, you should definitely consult an attorney for individualized advice.
We recommend that all community admins take the time to run through the following considerations:
Does GDPR apply to me?
Here is a reference site with some FAQs for small organizations and resource materials. https://ico.org.uk/for-organis...egulation-gdpr-faqs/. Keep in mind that GDPR doesn’t mean you can’t collect data; it simply means you need to have informed consent and/or a legal basis for collecting it.
Can I trim down the amount of data I’m collecting?
This is a good “data hygiene” practice regardless of regulations. Take a look at the information you’re collecting at registration and in your member profiles, and consider getting rid of any requests for data that you’re not using for a specific purpose.
Go through the new features and enable any that apply.
Take a moment and review the new hoop.la features (see the links above to the detailed feature announcements). For the new profile field descriptors particularly, you will need to add explanatory text to each data field, telling the member why you are asking for that information.
Add a cookie notice?
Consider using a news flash to alert members to the new features.
We recommend using hoop.la's "news flash" feature to summarize the new features and your own approach to data privacy. Most important for members is the fact that they have the ability to deactivate, delete, and/or download their own data.
If you have any questions about hoop.la's privacy features, please visit our support site and we can assist you.
If you’ve got insomnia, and/or would like to read the legal fine print of the GDPR, here it is: http://eur-lex.europa.eu/legal...uri=CELEX:32016R0679.
Here’s the more user-friendly website: https://ico.org.uk/for-organis...ion-regulation-gdpr/