GDPR Frequently Asked Questions

GDPR Frequently Asked Questions

The GDPR (General Data Protection Regulation) is now in effect.
If you are registered as a member or user of BISF you are a member or user of a non commercial, community forum & informational resource site,.

Below we have provided some general information to questions that you may have about GDPR.

Please understand that we are not lawyers and the GDPR is a set of new laws that have not yet been fully interpreted or tested by the courts. There may still be some some ambiguity relating to legal interpretation and as such, it may be better to consult with a legally qualified Soilicitor.

Q: I know nothing about GDPR, where should I start?

A: There is quite a lot of information available about GDPR online. GDPR is a new European law relating to personal data handling. The good news is that the majority of non-commercial community forums do not contain a lot of users personal data. The way in which this personal data is used or processed is pretty straightforward within basic non-commercial community related forums.

Q: What kind of personal data would be recorded by the BISF House non commercial, community forum?

A: The data collected and processed will include basic data such as the users name and email address that was provided and shared at time of first registration. Also included is the users IP address. Some community forums ask for additional information to be added to the members profile page which is considered as‘sensitive’ data. BISF does not require or request this type of information.

Q: What do I need to do to make my community forum compliant with the GDPR?

A: In General, the GDPR makes the following key demands upon certain websites with particular emphasis upon commercial websites and companies operating in, or serving the European Union:

Not all of the GDPR legislation is applicable to our website. (BISF

Consent: Explicit consent from you the user is required which should clearly outline how we are going to use your personal data.
For example, if we were handing over or selling our community members or Visitors details in the form of lists to marketing companies for use in advertising campaigns, we should let our users know as much detail about this as possible.
BISF House Do Not Knowingly Sell Or Send Any Of Our Users Data To Any Third Party For Marketing Or Any Other Purposes.

Right to be forgotten (right to erasure): If someone asks us to delete their personal data, in most cases, we will comply. This clause relates to personal data, however some data that you provide such as posts, comments, uploads etc, are not considered personal data and as such there is no requirement for us to remove this, unless the data contains information that could personally identify you. (More on this in the next question below.)

Right to Access: If someone asks us what personal data we have on you, we will openly provide an answer, further explaining what we hold, how and why we use it, and where possible and if legally required do do so, provide a copy of that data, providing that we can be 100% sure that you are the account holder.
You may be required to answer a number of questions so that we may prove your identity.

Data portability: The GDPR says that certain websites will need to provide users with a copy of their personal data upon request and in a format that is machine readable and which could be imported into another platform.
We already have the ability to fulfill this type of request subject to ascertaining and confirming the users identity, however we cannot guarantee that data from our website will be compatible with any other website or system as not all systems are interchangeable or compatible.

Data security: Certain websites have an obligation to make sure reasonable efforts are made to keep all data secure.
Basic security measures include making sure our community forum is served over HTTPS (Which it is) and that data is stored and transferred securely. This is already in place on BISF despite the fact that community forums do not in the strictest sense fall under the GDPR legislation.

Q: Is user generated content (UGC) on BISF classed as personal data and is User Generated Content subject to GDRP portability rules regarding data portability and erasure?

A: User Generated Content that does not contain personally Identifiable Information is not subject to the GDRP legislation.

Q: What happens if a member asks us to delete all of their posted content and if those posts are considered to contain important non-personally identifiable information likely to benefit the community?

Providing that the User Generated Content, such as forum posts or comments are stripped of the users identifying information (for example the username and photograph of the member), then we are not required to remove the remaining content, providing it does not contain User Identifiable information.
If the post or post content does contain identifiable information of the person requesting removal then we will take all necessary steps to remove the identifiable portion(s) of the content. The remaining content will be attributed under a pseudonym user name. We would also remove or alter identifiable information about you that may have been posted by another user or member if applicable.

Your user profile allows you to personally control some of your personal information already.
In certain circumstances we may delete or remove all of your non identifiable content, even though we are not required to do so under GDPR legislation. We will treat each request on on a case by case basis with respect to this.

Q: How long can the BISF House forum keep a members personal data?

A: The GDPR says we should keep personal data no longer than is necessary for the purpose you obtained it. It would therefore be considered reasonable for the data to be kept indefinitely as a community forum is not subjected to time-limitations, as the information is used for non-commercial, educational and historical purposes only.

Q: Does BISF House have to re-opt in all community members?

A: No. Community members are not required to re-confirm their registration to the community.
The GDPR is prompting some companies to undertake a re-opt in for their email marketing lists to ensure that they have explicit consent. Even then, re-confirming email lists is only required if proper consent was not obtained at the time the emails were obtained. In any case, consent can be reconfirmed when a member returns to the community
Q: Does the GDPR require users to consent to the use of Cookies and how does the BISF House forum use cookies?

A: On some websites, you sometimes see a notification pop-up asking people to consent to the use of cookies.
This relates to a seperate EU cookie law.
The law states that a website must obtain consent if it is using cookies to collect and store ‘non-essential’ information such as info that is used for targeted advertising.
By default, the cookies used by forum software are the ‘essential’ kind that are used to keep people logged in, track analytics and so on and consent for using this type of cookie is not required.
With respect to GDPR, certain cookies do contain small amounts of information that could be used to identify an individual person and these are treated by us as personal information and we inform you which cookies do this on a separate page..

Q: What will BISF House do if I send a GDPR request, relating to my personal information ?

A: Our policy in this case is to contact you as soon as possible. We would then attempt to validate your identity to ensure that you are legally who you say you are and confirm it is you who has made the request.
We would then confirm what information you would like us to remove and confirm what data we hold and decide what should be deleted as per GDPR requirements.
We would also inform you of what data we are legally entitled to retain.
BISF House will always try to go above and beyond what is required under the GDPR laws and we will be happy to assist you in any way we can.
There may also be instances when we will agree to delete certain data even though we are not legally bound or required to do so.

Additional Reading

EU GDPR Website :


GDPR: data portability is a false promise:

Cookies Consent Under the GDPR:

GDPR on Quora: