As a lot of you are no doubt aware, the GDPR comes into force on 25th May. This sets out new rules around what organisations can do with the personal data of their users.
There are some (mostly small) changes that will occur on Voice in the next couple of weeks to ensure that the service complies with the GDPR. There are two types of change:
- Updates to the technology and hosting platform to ensure it is compliant.
- Informing site administrators about their responsibilities for handling the data of their site members.
The tech changes that will occur are:
- Ensure Users must explicitly opt in to non-essential communication (not opt out). e.g, by ticking a box when joining a site.
- Remove visitor IP addresses from the Reports section of sites so they are not visible to site admins.
- Keep only the most recent access logs on our servers.
- Check that there is no personally identifiable bits of data left in the database after a user deletes their account, and for accounts that have already been deleted. (This should already be the case, but we will explicitly check it.)
- Always use https to access the system. (This is already enabled.)
- Confirm that Analytics and Sharing Toolbar are fully compliant. Remove or replace them if not.
Further to this, we will add information to the system to make site administrators aware of their responsibilities in the following places:
- In the email sent when new sites are approved.
- On the front page of the Admin pages inside every site.
- In a one-off email sent to all site administrators.
Joe - Voice Admin
Will the other sites such as Bedfordshire Borough and Central Bedfordshire Council (I am sure many others will be thinking the same thing) be rolling out the same feature set?
Should we move our website systems across to e-voice?