On 25 May 2018 new legislation called the General Data Protection Regulation came into effect.
As an administrator of a website on Voice this will affect you, and you need to comply with the GDPR.
By default, your website will not collect any personal data about your users. However, it may do in the following cases:
- If you configure your site to allow users to join as members, they will be giving you their name and email address so they can access your site and any services offered on it.
- If you create surveys or petitions that collect personal information in user responses.
- If you enable applications such as discussion forums where users might add personal details in their contributions to your site.
The GDPR states that:
- You must keep this personal information private at all times.
- You can only use personal information for the specific reasons that it was given to you.
- You cannot send marketing emails or newsletters to your users unless they have opted in. When using the Send Email feature in the site admin pages you should restrict the email to users who have opted in unless you are sending them essential communication about your site. You can also see the opt-in state of each user in the member list.
- If you collect personal information via your site (such as via a survey or a form) you must clearly state how you will use the collected information, and how long you will keep it for.
- You must delete any personal information you hold from your users (e.g., survey responses) if they request it.
Note that these rules also apply to any personal information that you keep on your users which is separate to your website (e.g., if you have saved a list of users to your computer).
This information is given as a general indication of how the GDPR legislation may affect anyone running a site on Voice. However, it is not definitive advice about the requirements of GDPR, and if you are concerned about how the legislation affects you, you should seek specialist advice.