We have adapted our data protection guideline to conform with the new requirements of the DSGVO (DatenSchutz-GrundVerOrdnung -> General Data Protection Regulation = GDPR). Some of these "reforms" already existed in the old regulation. However, the old regulation was not given as much weight as the DSGVO, which became legally binding on 25th May 2018 (after a two-year grace period).
In principle, the new data protection regulation is a good thing because it strengthens consumer rights (that is, the rights of citizens). It can be assumed that we will no longer have as much spam in our mail accounts, and that our data can no longer be collected and distributed uninhibitedly.
In this post I would like to discuss what is changing for all of us. Two areas are involved:
- the grid (grid services, homepage, forum)
- the private homepages, home regions
The operators of METROPOLIS have appointed a data protection officer who can be contacted for all data protection issues.
You can read the new data protection guidelines, including the data of the data protection officer, here in German and in English.
Generally speaking, it must be said: METROPOLIS uses neither trackers nor marketing tools such as "Google Analytics" or advertising tools such as "Affilinet". Such tools are data octopuses in the purest sense. But it can also be more subtle. We also use Google fonts, for example, because they provide the more beautiful fonts. With the use of Google fonts, however, data is also transmitted to Google. You generally can't do anything about it, unless you don't use the Google fonts anymore.
Even if there is nothing we can do about it, we must point it out. The same applies to YouTube videos, which can be included in the forum, for example. Here too, data is transferred to YouTube when the videos are played. If you want to exclude this, you have to log out of YouTube first, and then watch the video. For this reason, user education through the Data Protection Directive is an important issue and a major step towards IT maturity.
But for the users of METROPOLIS it should be clear...
- that we do not pass on any personal or anonymous data to third parties.
- that we provide information about stored personal data at any time.
- that we delete all data collected about a specific person on request.
- that we provide assistance in matters of data protection.
What about visitors from other grids?
What about the connected regions and their content?
METROPOLIS-Grid and its operators are responsible for the contents of the Mainlands. The owners are responsible for the rental regions as well as for self-hosted regions. The simulators on which the regions run create log file data. Scripts can also run in the region that log incoming visitors or even contact them automatically. Of course, the visitor must be informed about this. And automated tracking even requires his consent. It is not personal data at the moment. However, it can become such if someone establishes a connection to a real user.
You will be interested to know what effects the new DSGVO has on your homepages (grid project pages, regions project pages), because these websites must also be designed to conform to the DSGVO.
I have to say beforehand that I did not find one single generator that really completely covers all conceivable data protection questions. But this generator seems to me to be the most sensible one for our cause.
The generator asks for the necessary information in a question-and-answer game and also generates HTML code, which you can then integrate into your website one to one. Now you have crossed the most important hurdle.
Everything else is more or less small stuff. But it could cost you money if a lawyer notices.
The direct Facebook like is not DSGVO-compliant and therefore illegal! You have to take that off your homepage right now! Instead of these direct buttons, Shariff, for example, offers all social media buttons DSGVO-compliant and it looks good at the same time.
If possible, you should not offer contact forms but direct mail links. The reason: you must add text to the contact form stating that this data transmission is DSGVO-compliant and that the sender agrees to the transmission. So the send button is not enough. And when sending, keep in mind that only an SSL/TLS transmission is DSGVO-compliant. So: you need an encryption certificate! In addition, you must sign a contract with all partners through whom this data is transferred, e.g. with the server provider (e.g. Hetzner), the mail provider (e.g. Web.de) and the data carrier (e.g. Unitymedia). This means all those involved who come into contact with this data in any way.
Understandably there are no contact forms at METRO.
... to be continued in Part 2