I have read some of the GDPR threads here, doesn’t seem like we have a consensus as to how to handle the compliance at the moment.
Here’s what I am planning to do with the forum I manage for the time being until a better solution comes along. It is an ALL OR NOTHING approach if people want to use the forum, can someone please read and offer your feedback?
- For new users who register on or after May 25 - make it mandatory on sign up page that the following 5 boxes must all be checked before someone can create a new account
-agree to receive email digest
-agree to IP address being stored
-agree to cookies
Have I missed anything? What else can I add?
- For existing users who wish to login to the forum on or after May 25, there will be a popup asking the user to check all 5 boxes before they can continue to use the forum, if they do not check all 5 boxes, they cannot login.
I am not sure how to implement this, if somone can help me with this step, please let me know, I can open a project in Marketplace to compensate you for your time.
- Users who wish to terminate their account and obtain an export of all their personal data and activities - I am not sure how to handle this as of now, will deal with it when I receive the request. My site is small, I know Discourse already provide means for users to download his posts or activities to a certain extent, worst comes to worst I will manually print out all the user’s posts and email him/her on a request by request basis.
Have I missed anything else that needs to be addressed under GDPR compliance?
Would appreciate any feedback and advice from the veteran posters here.