This is a helpful and comprehensive thread. It’s great to see how seriously Discourse is taking GDPR compliance.
I wanted to write in because I noticed that for the recently installed Discourse instance my community is useful, it is still using the default Privacy Policy that was last edited in 2013.
Because it hasn’t been edited since GDPR came under consideration, I am concerned that this default setting is not in compliance. I think that among other things, GDPR changed the way privacy policies are formatted in ways that are now internationally standard.