
Upcoming upgrades/GDPR

Paul

Hi everyone :)

Unavoidable is the oncoming onslaught of GDPR regulation. If you haven't heard of it, you must have your head in the sand!

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

It was adopted on 14 April 2016, and after a two-year transition period, becomes enforceable on 25 May 2018. The GDPR replaces the 1995 Data Protection Directive. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.

So, as a forum some of the GDPR regulation is concrete, some of it is rather "woolly" so to speak, and will come out in the wash over the coming months. It isn't really pointed to people like us who keep your information safe - It's primarily aimed at the bigger boys - but we still need to do the best we can as there are Massive fines (£m) for those that don't adhere to it.
However, one thing that is concrete is that some Terms etc. need to be re-agreed to, and also we as a forum need to be more transparent as to what information we hold on you and what information we keep. We also need to be able to provide a method of anonymising this information should you wish to leave us.

There will be an update to take place between now and 25th May to allow us to adhere to this, and also we will be looking to make things clear in the new T&C's that we will be introducing - Nothing mad, just common sense. Also a new "privacy" policy will be released. As such, everyone will be required to agree to the new T&C's etc. So please don't be alarmed if you see a pop up appear, or a box requesting you agree to these.

As part of this, I also hope to be able to reset "watched" threads/forums - i.e. the ones that you have a watch on (and possibly receive emails about, depending on your notifications). This is to remove anyone legacy who doesn't visit any more, however now marks all our mail/notifications as "spam" (which doesn't help us at all!).

I am also at this time contemplating upgrading the forum software to the 2.x range (From 1.x). This means that whilst the look may seem similar, there may be the loss of a few small functions whilst we wait for them to be converted (or I replace them with new versions). From what I have seen, not much should be lost in the way of functionality, as most have been released.

With regards to timescales - To just upgrade to the latest version of the current software will be a few hours Max - With regards to upgrading versions this would probably mean the forum would be offline for a Day or so, however the plus side would be that it wouldn't need to be done in the future. I would be looking to carry this out on a Sat or Sunday daytime (most activity here takes place Weekday evenings).

Any thoughts or questions/comments on the above, please let me know!

Thanks
Paul
 
I’d say do it to suit your life behind the scenes and we’ll all cope with your (and the forum’s) availability. Your dedication & work is highly appreciated, so put yourself first & just tell us when...
 
Like this place my work too is a victim of this rule. We have had a decade old photo gallery completely wiped out because we did not collect consent in a GDPR compliant way from any of those involved in the photos. I have had to start rebuilding it from the ground up now being compliant with this rule, it is also a retroactive law so we've had to stop using any of these photos immediately. And Paul is right, the fines are massive, potentially millions if you don't follow it correctly.

It's wonderful for things like social media etc, but whoever came up with this rule has not considered the impact it has had on a lot of other businesses and sectors. It covers everything but doesn't cater to it.

All I can say is I feel your pain Paul!
 
Good stuff :)
Just curious if this update will also include https? Would be nice, and you can get free certs these days from the likes of letsencrypt.org
 
> Good stuff :)
> Just curious if this update will also include https? Would be nice, and you can get free certs these days from the likes of letsencrypt.org

Not yet..... but it will come... :) (and is a whole other kettle of fish!)
 
Yep going through the GDPR pain here too so do whatever makes your life easier. It is greatly appreciated and I'm sure we'll survive with the forum being down for a day or two, won't we? Ha.
 
Good luck Paul. The new laws are a ****ing nightmare. We're getting threatened with huge fines if any student details are not 100% secure. So if I mark a piece of work and leave it on the desk - whamo.

Hope it all goes smoothly with you and all your work with the site is greatly appreciated.
 
dood,
watch out for over hype on GDPR, most things covered by the existing IC legislation haven't changed, the only big difference is the fine that you get for not following the rules. There is a gravy train of FUD by consultants that should all be taken out and shot.

Nevertheless I think from a generic security POV getting to the most current version is valuable.

Neil.
 
There is going to be some fallout I imagine. I think the acid test is going to be the first big name to get hit by a fine. There might even be an ambulance chasing industry that springs up from it too, ala PPI... "has your data been stored without your consent??? we'll free it for you!", although fines I think don't go to Data Subjects, not sure where they go actually...

I would like to think that for most SMBs showing awareness of GDPR and a concerted attempt to comply would help eliminate most investigations, but there is for sure going to be a load of Walter Mittys out there who previously would've just moaned about getting a newsletter ("how did you get my details??") who are going to be all over this.
 
GDPR was really based for large companies abusing a large number of customer data. Wasn't really meant for small forums like ours, although we do have to adhere.

The basics as far as we are concerned is that we have to be more wide open as to the data we hold on you, and you have to acknowledge the T&C's and Privacy policies again.

I'm just looking to upgrade the software at the same time as doing the preparations, and then bolt on the GDPR stuff on 25th :)
 
> There is going to be some fallout I imagine. I think the acid test is going to be the first big name to get hit by a fine. There might even be an ambulance chasing industry that springs up from it too, ala PPI... "has your data been stored without your consent??? we'll free it for you!", although fines I think don't go to Data Subjects, not sure where they go actually...
>
> I would like to think that for most SMBs showing awareness of GDPR and a concerted attempt to comply would help eliminate most investigations, but there is for sure going to be a load of Walter Mittys out there who previously would've just moaned about getting a newsletter ("how did you get my details??") who are going to be all over this.

yeah we had that when the Information commissioner started doing his thing.

So I agree the first few cases will be important but I seriously doubt there is any chance of ambulance chasing. You'd need to show actual harm. As is today there is pretty much the same legislation in place with now substantial fines before large companies might take a risk based view, now with the fine up to I think 5% of total revenue they are all thinking that risk isn't worth it, but under today's regulation and up until now though the IC has had very few cases where they have handed out the biggest of those fines which are still pretty substantial.

GDPR_Evolution_not_Revolution_-_UKNOF40_27042018.pdf

above is a useful doc that explains this better than anywhere else.

Neil.
 
It's been discussed over here
http://tiltforums.com/t/can-you-remove-yourself-from-a-tournament-after-it-starts/3946/46

With specific emphasis of what IFPA hold, and if you can enter a comp but not submit any data

I think it's this one you're thinking of Wayne: http://tiltforums.com/t/supressed-player/3888/10?u=wizcat

For the record, I'd consider myself a fairly experienced software developer with a considerable amount of knowledge in security - and in that regard I'm all in favour of GDPR :D Yes, I realise most people will find this painful to implement, but as Neil says - it should be stuff you've done years ago! The end result is hopefully that our data is more secure, and people are slightly more aware of the steps needed to ensure that.

As an example, so many mailing lists are being updated right now because they ignored the rules that changed in 2003 or so that *should* have prevented people being automatically signed up for spam, but of course were never enforced. Some legislation that can actually bite might help.
 
Interestingly I've had several emails from big names who have gone with "if you want to stay subscribed then you don't have to do anything!" rather than telling people that if they don't opt-in that they'll automatically be removed (Tesco is one major example)

Have also heard apocryphal stories from friends in the industry who have said that their bosses and/or marketing haven't wanted to email people asking them to opt back in because "we'll lose too many contacts if we do it like that"...
 
> I think it's this one you're thinking of Wayne: http://tiltforums.com/t/supressed-player/3888/10?u=wizcat
>
> For the record, I'd consider myself a fairly experienced software developer with a considerable amount of knowledge in security - and in that regard I'm all in favour of GDPR :D Yes, I realise most people will find this painful to implement, but as Neil says - it should be stuff you've done years ago! The end result is hopefully that our data is more secure, and people are slightly more aware of the steps needed to ensure that.
>
> As an example, so many mailing lists are being updated right now because they ignored the rules that changed in 2003 or so that *should* have prevented people being automatically signed up for spam, but of course were never enforced. Some legislation that can actually bite might help.

Or they can just move stuff to the US and ignore GDPR! Ala Facebook!

Neil



 
> Interestingly I've had several emails from big names who have gone with "if you want to stay subscribed then you don't have to do anything!" rather than telling people that if they don't opt-in that they'll automatically be removed (Tesco is one major example)

Depends how they collected their mailing list. It's possible that some companies may have only added people that actually knowingly requested they be added to a mailing list, after having read some terms and conditions. In that case, they'd be good to go. If however they just added people to the mailing list because they bought something once, then that's bad and they need to start over.

So yeah, I expect Tesco are absolutely clueless here. They have a track record of being clueless in IT and were caught storing passwords in plaintext a few years ago :sad:
 
or they believe they have the right handshake with the customer that satisfies the GDPR legislation.

What GDPR isn't - everything we did was wrong.

there are many organisations who got this right from the start.
 
So since I know all of you will be watching the Royal Wedding tomorrow, it seems like the best day to do it.... Bearing in mind that if this place is offline then everyone has machines that need to be played (and attention!) :)
 
This pretty much sums up my feelings on GDPR.

[Attached image]

And yes, like most other people I've had it pretty much constantly for the last few months. We've been going through it at work so the latest influx of a billion mails all asking me to agree to let them store my details was really welcome.
 
Have a few things to say about this:

1. Firstly whilst GDPR is well intentioned I’ve already worked out it will result in the ratio of junk to relevant stuff in my inbox getting worse not better. Those sending complete junk will continue to do so whereas those sending relevant stuff will have to stop if I forget to act on their ‘opt in’ messages or can’t opt in because I’ve forgotten my password etc.
2. Generally businesses who only hold the data they need to provide the service they provide, who don’t share it for money, and keep it secure, don’t have much to worry about despite all the scaremongering.
3. What royal wedding is that then?
 
> So since I know all of you will be watching the Royal Wedding tomorrow, it seems like the best day to do it.... Bearing in mind that if this place is offline then everyone has machines that need to be played (and attention!) :)
I think you might have the demographic of this site very, very wrong :) (I hope)
 
I loved Paul’s logic that if he updates the site today we will all end up mending machines.
Given I need to do a range of tweaks I think he’s going to be right
 
> I think you might have the demographic of this site very, very wrong :) (I hope)
Hopefully!!!!

So 9am until it’s done... as per usual, woefully under-prepared... did 6 hours of pre-work last night (not counting the goodness knows how much over the last few weeks)... and still noticed that there’s weeks worth left I could be doing... however could be waiting forever... backups to be taken as a safety net and in with both feet... :rofl:
 
If it’s re-open later and looks identical then you know something went south....:rofl:
 
Hi All,

Well the update took longer than anticipated... Took ages to get the backups done, then forever to remove all the old add-ons that were here (all had to be removed before updating this time since old add-ons are not compatible with the new system!). Then I had to upgrade, and basically rebuild the addons and the look from scratch.

There's still lots of work that needs to be done... I need to tweak the look and need to restore some of the functionality... and to that end you may find the site intermittent over the next 24/48 hours as I intend to be ultra-cautious as it's still a little new to me also. I also would like to put together a little tutorial to help you all with any changes that have taken place. Then there's a Light theme that is needed (I know some prefer white on black, and others black on white... Please bear with me a few days and I'll get it sorted out for you!).

There WILL be things I haven't set right, things that don't work... since it was all done by memory and there are literally hundreds if not thousands of possible settings, so please, if you see anything that doesn't work then let me know in this post, and I'll see what I can do to fix it.

In the meantime.. I need some sleep!! :)
Cheers!
 