- Jan 25, 2011
If you ban some one then you’ll need two things in your user agreement you must make clear people can get banned, this should all ready be in it any way because this was no different under old laws. When you ban someone indefinitely or for x months then you have a legitimate interest to keep the record to identify that person else you can’t remove people from your website. So you can still have a black list for a day, month, year to infinity if needed. The x months is more for logs etc like IP address and other stuff. You’ll need to look in to concent and legitimate interest for GDPR and then write the stuff. People need to think first then write stuff and to remember with GDPR less is more. It seems that people want to continue on the old foot instead of thinking privacy first.