Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersGDPR... what are you going to do?
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
gnfb
2609 posts

Uber Geek

ID Verified

  #2022920 26-May-2018 11:53
Send private message

I just went to a service called Docular after downloading there a plugin for Wordpress that suggested they would provide the means free of charge to create a relevant privacy policy for ones website, to make it GDPR compliant.

 

All is true BUT when you get to the interactive template you are presented with a myriad of options, choices, selections etc. 

 

I estimate it would take a month of Sundays to figure it out and find out what xyz means and what you put where etc.

 

Forget it! I am sure the academics and professionals will salivate at all the work. Meanwhile, Joe Bloggs doesn't stand a chance!

 

So

 

If whoever is running this show over in the EU decides that they are going come down on that little Wordpress site, in little old kiwi land, apparently you get a few chances to fix it before they hit you with big fines. 

 

I'm thinking if that is the case lets wait till they bark before I jump?

 

Just a side thought I wonder if its possible to somehow ban block etc the eu from the site and if one did that would that be a avoiding the need to comply with all this BS , sorry consumer and individual protection.?

 

Ok have at me.




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

I have two shops online allshop.nz    patchpinflag.nz
Email Me



timmmay
20580 posts

Uber Geek

Trusted
Lifetime subscriber

  #2023138 26-May-2018 21:20
Send private message

Courtesy of XKCD

 

 

 

MichaelNZ
1388 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2023480 27-May-2018 17:39
Send private message

In any case, 2 things are certain:

 

1. This isn't going away so may as well get used to it. Quite frankly, in my business, I don't mind declaring what personal data I am retaining and for what purpose.

 

2. Much like the Privacy Act, it doesn't necessarily mean anything is more private. It's just legalised the collection and storage of personal info. Having said that "right to be forgotten" sounds positive.




WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers



kyhwana2
2566 posts

Uber Geek


  #2023516 27-May-2018 18:32
Send private message

gnfb:

 

Just a side thought I wonder if its possible to somehow ban block etc the eu from the site and if one did that would that be a avoiding the need to comply with all this BS , sorry consumer and individual protection.?

 

Ok have at me.

 

 

 

 

Even if you block everyone coming from EU they can still sign up via VPNs outside the EU and you're also logging their IPs and such of EU residents, so blocking doesn't absolve you of anything..

 

One way is to remove all the trackers and advertising from your site for EU visitors like a few sites have. (Thus made them faster with no trackers/ads/etc)

 

 

MichaelNZ
1388 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2023522 27-May-2018 18:50
Send private message

kyhwana2:

 

One way is to remove all the trackers and advertising from your site for EU visitors like a few sites have. (Thus made them faster with no trackers/ads/etc)

 

 

The GDPR is a lot wider than just that.

 

By my reading, a website has to declare everything they are storing / using and get consent for this.

 

On my websites, no consent means-

 

1. No shopping cart

 

2. No orders

 

3. No messages via "contact us"

 

4. No searches

 

and a nag screen on every page view.




WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

twoblacklabs
2 posts

Wannabe Geek

Trusted
TwoBlackLabs

  #2023525 27-May-2018 19:05
Send private message

This is correct. There are 99 articles in the GDPR. One or two relate to the privacy notice / policy. About 75% are process and policy items eg keeping records of all personal information you process, having binding back to back contracts with all your third parties to make sure they are compliant etc.

mdf

mdf
3513 posts

Uber Geek

Trusted

  #2023532 27-May-2018 19:33
Send private message

Overall, I take the view that the GDPR is a Good Thing. It enables far greater transparency of what websites are doing with your personal data (I've heard tell of one disclosure that listed four hundred other companies that your personal data was shared with). While there are some differences, fundamentally it isn't that different to what you should be doing right now under New Zealand's existing Privacy Act 1993. New Zealand personal data rules currently enjoy "adequacy status" from the EU. This means that personal data information can legally be sent here from Europe for processing without special additional measures being taken by the European companies. 

 

If you don't already have a privacy statement, the GDPR doesn't matter since you need one under NZ law. The Privacy Commission has a free "priv-o-matic" generator that will guide you through what you need. A local firm, Simmonds Stewart, has a good free template if you want to DIY it a bit. If you're operating internationally, iubenda.com is a great starting point and produces really user friendly statements.

 

New Zealand also currently has a Privacy Bill before Parliament. This will repeal and replace the Privacy Act 1993 (the year in the title is a bit of a giveaway that it kinda predates the internet age). Hints are that we will end up with a healthy dose of GDPR inspired law ourselves.

 

The extra territorial effect of the GDPR is still being worked out. My take is that the focus is primarily on those that actually do business in Europe (i.e. place of business, staff there, actively soliciting European customers, accepting payment in Euros). And as it stands, half of Europe hasn't implemented the GDPR itself. But hopefully further clarification is coming.

 
 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).

mdf

mdf
3513 posts

Uber Geek

Trusted

  #2023533 27-May-2018 19:40
Send private message

From mrscruff:

 

 

Disclaimer: please exercise care when taking legal advice from a cartoon.

kyhwana2
2566 posts

Uber Geek


  #2023903 28-May-2018 12:24
Send private message

See also http://www.gettingemaildelivered.com/why-you-cant-just-block-eu-visitors-eu-customers-or-any-eu-traffic-under-gdpr fore why you can't just block EU traffic.

 

Also note that re MichaelNZ you'll also have to remove all the trackers (including 3rd party ads that have trackers) without consent, for EU residents. Of course this will make your site a lot faster and a more pleasant experience, so hey, win for EU residents there.

MichaelNZ
1388 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2023904 28-May-2018 12:27
Send private message

kyhwana2:

 

Also note that re MichaelNZ you'll also have to remove all the trackers (including 3rd party ads that have trackers) without consent, for EU residents. Of course this will make your site a lot faster and a more pleasant experience, so hey, win for EU residents there.

 

 

Yes, that is a good point. I didn't mention it in my list because it doesn't apply in my instance as we have no 3rd party cookies.

 

I think that will be a positive for the web. I loath Facebook and Google trackers.




WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

vulcannz
436 posts

Ultimate Geek
Inactive user


  #2023942 28-May-2018 13:30
Send private message

I block trackers, this is 1 weeks worth of data. Logging has a redundancy of 60 seconds (that is to say, if an identical event happens within 60 seconds it is only logged once) so you can probably pump up these numbers by a magnitude of 3-5, and this is on a home network:

 

 

 

 

 

 

Applications

 

 

 

 

 

Application

 

Events

 

 

 

DoubleClick

 

1234

 

 

 

ScoreCard Research

 

463

 

 

 

AppNexus

 

177

 

 

 

Google Analytics

 

109

 

 

 

Adsrvr

 

33

 

 

 

Quantcast

 

31

 

 

 

Casale Media

 

30

 

 

 

AOL Advertising

 

30

 

 

 

BlueKai Research

 

27

 

 

 

Media6Degrees

 

23

 

 

 

IMR Worldwide

 

19

 

 

 

AddThis.com

 

15

 

 

 

Betr Ad

 

8

 

 

 

eXelate Media

 

6

 

 

 

Media Innovation Group

 

6

 

 

 

Aggregrate Knowledge

 

6

 

 

 

Criteo

 

5

 

 

 

Optimizely

 

5

 

 

 

Flurry

 

4

 

 

 

Chart Beat

 

4

 

 

 

MediaMath

 

4

 

 

 

Turn Advertising

 

3

 

 

 

Omniture

 

1

 

 

 

Site Scout

 

2

 

 

 

ADGRX

 

1

 

 

 

Serving-Sys

 

1

 

 

 

Adsafe Media

 

1

 

 

 

Total: 

 

2248

 

 

 

 

 

Behodar
10504 posts

Uber Geek

Trusted
Lifetime subscriber

  #2023947 28-May-2018 13:40
Send private message

kyhwana2:

 

See also http://www.gettingemaildelivered.com/why-you-cant-just-block-eu-visitors-eu-customers-or-any-eu-traffic-under-gdpr fore why you can't just block EU traffic.

 

From that link:

 

it is a violation of GDPR to note, in an automated fashion, from what region in the world they are surfing over to your website.

 

But if you can't find out whether they're in the EU without first asking for consent, then how do you know that they're in the EU and therefore need to give consent in the first place?

 

This seems like a paradox. Or maybe I'm just misunderstanding it.

 

(Note: I'm not talking about blocking EU users, just location detection in general)

MichaelNZ
1388 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2023951 28-May-2018 13:50
Send private message

Behodar:

 

But if you can't find out whether they're in the EU without first asking for consent, then how do you know that they're in the EU and therefore need to give consent in the first place?

 

This seems like a paradox. Or maybe I'm just misunderstanding it.

 

(Note: I'm not talking about blocking EU users, just location detection in general)

 

 

I read your link and it's insane. But it doesn't mean they will get their way.

 

Who remembers this?

 

Wikipedia - SCO–Linux disputes

 

 




WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

nunz
1421 posts

Uber Geek
Inactive user


  #2026232 31-May-2018 14:01
Send private message

MichaelNZ:

 

nunz:

 

We auto report to gmail and a few others as per their abuse@... email addresses. if it is a credible ISP we report to them via their abuse networks. if more people start whinging about script kiddies and wanna be grifters then there would be more done. I act in a manner I would hope to see other people acting - apathy is rife - I just choose not to be apatheitc and take a stand.

 

 

It's not apathy. It's just plain numbers and previous experience.

 

I rarely block by hand.

 

I have implemented various spam filtering/blocking stuff but it is all done on the basis it has to be automated and scalable.

 

Otherwise I would literally have a full time job just chasing my tail and I would still not make any dent in the problem.

 

nunz:

 

I'm racist - if it is not from NZ, Aus or other countries that the client should get legitimate email from it hits the top of my aggregation list for a quick perusal. eg crap from romaina, netherlands and a number of other known spam zones gets delayed and filtered early on - as local shops don't normally get overseas inquiries.  some countries we flat out ban from our servers. none of our clients has any commerce or desire to have commerce with nigeria for instance. Until they clean up heir act we will actively discriminate against them.

 

 

Are your customers aware of this policy - and importantly - have they agreed to it in writing?

 

It is totally not my business who [people who use the email servers for which I am responsible] do business with, and I have no policies whatsoever based on race or national origin. 

 

While I support your right to hold racist ideas (solely because I believe in free speech), I suggest being the arbiter of other people's email on this basis is not only unethical, it's also legally dubious.

 

 

 

 

Show me where I said i did it without advising my clients or offering advice?   As for generalizing my statement outside the context it was presented in - not the best way to win friends and influence people.

 

Considering how much spam and hacker activity comes from certain countries, adding country wide bans and blocks makes a lot of sense. It has lowered my web and mail traffic significantly. My clients don't do business with those countries - they wont clean up their act. A doubly good reason to embargo their traffic until they decide to stop trying to screw my clients and thieve from them.

 

Same as phone blocks for private numbers, over seas numbers in a certain range etc. I've got blocks on a lot of that stuff too - makes my life a lot easier.

 

Also means the real problems show up more quickly instead of being lost amongst kiddy scripter traffic. Yesterday an attack on a particular service was registered and routed to me. I knew the attack was worth quick attention as they managed to do what 99.9% of the rest of the attackers cant do - find that service and identify whats on it.  IP blocked, resource security stance altered to account for the attack and services secured - all within 2 - 5 minutes. If I didn't pre filter so much rubbish I wouldn't have spotted a significantly more talented cracker at work.

 

We are all discriminatory at some level - spam filters, mail rules, phone blocks - they are all modern safe guards and having them makes good sense. Not personal to a particular race or nationality - just common sense. The alternative is to allow everything from everybody ignoring common sense and letting them do what they want.

 

 

 

 

MichaelNZ
1388 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2026265 31-May-2018 14:09
Send private message

nunz:

 

Show me where I said i did it without advising my clients or offering advice?   As for generalizing my statement outside the context it was presented in - not the best way to win friends and influence people.

 

[....]

 

We are all discriminatory at some level - spam filters, mail rules, phone blocks - they are all modern safe guards and having them makes good sense. Not personal to a particular race or nationality - just common sense. The alternative is to allow everything from everybody ignoring common sense and letting them do what they want.

 

 

I quoted your post in full and in context so people can draw their own conclusions.

 

By your own words, you openly discriminate based on race and national origin. That's not something to be be proud of. Especially running a business and providing services to other people, who may not share your philosophies and probably don't want you to arbitrate who they can and can't communicate with.

 

There is no comparison between what you claim to be doing and legitimate spam filtering, which is done by machine based on message content, mail server and sender reputation.




WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers

1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright