GDPR that will be effective in EU by 28/5/2018 requires more careful handling of personal data. As I’ve analyzed needed changes in our software I’ve found following:
We need explicit consent by user to gather personal data (username, ip addresses) - I think that registration in forum can be taken as explicit consent
We need to handle them any personal data per request, so is there any convenient way to export the data we are collecting about the user? I mean are there any data not currently visible to the user in his profile? I can only think of IP addresses.
We need to delete the data per request - this could be easilly done be removing all post, removing user or anonymizing user.
Are you EU providers preparing for this new policy somehow?