GDPR

[Bernard]

In accordance with the GDPR (https://eugdpr.org/), I may not publish personal data of living persons without the explicit consent of that person.
This applies to public publication and limited publication, for example registered users or family or whatever.
TNG 12 does not currently offer that function, as far as I know. 
To achieve this, the publication of all living people must always be turned off, except for those who have given me permission. I would like to see that I can 'mark' a person that he has given permission for the publication of his personal data and that his / her data is shown publicly to all visitors to the website (regardless of whether or not they are logged in ).

Bernard Wortelboer

[Hemar]

You could assign a special note or hidden note to the persons given a permission or consent, so those are 'marked' as desired, and you can display all of these persons in the admin notes menu. The same would be possibly by assigning an individual event named for example 'myconsent'.

If this does not answer your question, please specify better, if possible.

Hendrik

 

[Bernard]

Hi Hendrik,

no, this does not answer my question, I hope I can specify my question/suggestion better: 

Default, publishing personal data of living people is not allowed, to nobody. It is also not allowed to show this to a limited group of people (registered users).
But if the person gives his permission to publish his personal data, only then is publishing allowed.
TNG does not have a 'flag' for 'allowed publishing'. And that is what I need.

If that is possible, the next step is to keep a record on those (rare) cases where people will allow me to publish their personal data. That can be done with a special note.

Bernard

 

 

 

 

[XerxX]

Hi Bernard,

I must say I don't really understand what your problem is...

If you have living people in your database that haven't given you permission; simply don't publish them.

When I need some living to connect a user to the tree (a user's parents f.ex) I name them "Living, Data not shown" (in Swedish).

Here's an example of exactly that: https://xerxx.se/pedigree.php?personID=I1252&tree=tredNr2&parentset=&display=standard&generations=4

In Sweden we may not even publish the name w/o consent!

(Actually I'm not even sure that we may store any such data in a public database, regardless if it's published or not... So I don't - I only store the "Living..." name.)

 

Regards,

Erik

[Bernard]

Hi Erik,

I don't have a problem, only a suggestion to improve TNG to be (more) compliant with the GDPR.

I have information of living people in my database. As for the GDPR, that is allowed (but only for me, not for others). Your suggestion is not to publish them. 
That's what I do: in TNG->Setup->Configuration->General settings:

Require logon: No
Show LDS data: No
Show Living Data: Never
Show names for private: No

The current setting 'Show Living Data' has three options:

1. Always 
2. Never
3. Depending on user rights

Only option 2 is GDPR proof. Option 1 and 3 are not.  I suggest to make an extra option: 4 - Only selected. 
So only (manually) selected living will be published. So you need a way to select a person (in TNG) (flag?)

With kind regards,

Bernard

 

 

 

 

 

[XerxX]

3 hours ago, Bernard said:

I have information of living people in my database. As for the GDPR, that is allowed (but only for me, not for others).

Bernard, are you sure about that?

Is the database your private property not accessible by someone else, when it's stored at someone elses public server?

 

My serverprovider makes daily back-ups and save them for a week, so I'm responsible for the contents of at least 7 copies of my database. Maybe your provider also?

I'm sure that a lot of people have access to those copies.

As long as the data isn't stored at my personal computer, I simply don't store data that I am not allowed to publish. Just to be sure and not get in any trouble, so I can relax.

 

Best regards,

Erik

[Bernard]

Yes, I am sure.

I had to find out what the impact was of the GDPR for my (Netherlands) Rowing club and publishing personal data of our members on the website, we had some legal advice for that. The members are stored in an online database.

That means you are allowed to record information of (living) others for personal use only (so you may keep an address list of your relatives and friends). But you are not allowed to share that information to others (for this purpose,  you have to have permission of the person involved). So you can record this in an online database but it has to be secure / hidden for others.

 

Best regards,

Bernard

[XerxX]

Oh, I see! They are members who voluntarily gave you data via an on-line application.

I thought it was living people, like distant relatives, who haven't provided any data themselves.

Sorry.

Erik

 

EDIT: If you don't show their namers or data; why put them in the tree at all?

You can leave "Tree / Person ID" blank but still use "Tree" and "Branch" under "Access Limits".

For the ones that accept to be visible you just fill in "Tree / Person ID".

Edited October 18, 2018 by XerxX
Added suggestion

[Lutz]

Am 18.10.2018 um 14:10 schrieb Bernard:

Only option 2 is GDPR proof. Option 1 and 3 are not.  I suggest to make an extra option: 4 - Only selected

Hello Tng comunity,

I have similar concerns regarding GDPR compliance and I as well would like to see that the fourth option "Only selected" would be implemented in a future release.

Greetings,

Lutz