Who goes when
 

what happened to the who goes when list? there used to be a section of the Dibb that showed when members were going.

Removed months ago due to GDPR I believe

Mick

There is still a list of who is staying where when however

We still have this thread going
https://www.thedibb.co.uk/forums/sho...d.php?t=852760

So, rather than having a little application here on the DIBB where people could choose to enter their dates and it would show them others going at the same time as them, there's now a thread where people can choose to enter their dates and they can look at the thread to show them if others are going at the same time as them?

So, the same information is still being stored here on the DIBB, just via a different method?

It doesn't sound like it was a GDPR issue then?

Yes it was a GDPR issue! :confused2

But the DIBB is still collecting and storing the same personal data as before, just in a different way. :confused2

If it bothers you, you are welcome to spend hours pouring over the regulations like we had to, you might find something we didn't or you can take it up with the ICO, if you can get them to give you a straight answer as to what the difference is then you'll have better luck than we did in our hours of multiple conversations with them :D

It doesn’t bothered me as such no. I just found it strange that collecting and presenting the information one way is not allowed but it is allowed if you collect and present exactly the same information a different way.

I always thought GDPR was about data protection and privacy of data, not on the details regarding the software methods used to collect info. Apologies for the incorrect assumption.

GDPR is about more than the protection and privacy. An awful lot of the regulations are more to do with
a) Have you the right to hold the data
b) How are you using it, can you justify having the data for the use you claim and is the subject of the data 100% clear on that use.
The actual rules regarding protecting it and ensuring it was secure changed very little, other than the fines for doing it wrong, which change a LOT, huge increase in what could be imposed.

As Stu had mentioned earlier, it was/is very difficult to get a straight and definitive answer from anybody in authority about what a data processor or data controller (lovely vague terms which are also hard to get them to nail down in respect of individual/company functions) has to do in order to protect themselves. Therefor a lot, particularly smaller companies, didn't bother, they just got rid of the data as much as possible, which I guess, understandably is what theDibb did.

As to the fact that people are posting their dates and other information in an open forum, that is their choice, no responsibility would fall on theDibb for that. It's similar to the way that they have a duty of care to protect my credit card information when I pay for Passholder, but none if I decide to type my card number into a post for all to see.

The concept and aim of GDPR is very noble, and was much needed in my opinion. But I do believe that they tried to make a rule book to fit all sizes and types of companies. While most Data Protection commissioners have clearly stated that they are not after the local sports club or society, technically the rules for them are the exact same as for Facebook, Linkedin, Twitter etc, which is a little mad :)

I know of many small companies that use our software which were quoted anything from €20k to €50k for a GDPR 'consultant' to give them advice, and having spoken to many of them myself, the advice was always that, they would never stand over it and give a 'rubber stamp' stating that if you followed their recommendations and processes you would be compliant.