Ok, general update as promised. It’s important to remember that Discourse can be used in GDPR compliant ways, but software itself isn’t compliant or non-compliant. If you host Discourse for users covered by GDPR, you’ll need to do so in a GDPR-compliant way. What that looks like for you will depend on your interpretation of the guidelines and how you specifically use your member’s data.
A user’s right to be informed
We have updated the privacy statement that ships with Discourse. You can see our version here. You can edit your own version to suit.
A user’s right to be forgotten
Users and their posts can be deleted or anonymised by an admin. We have added support in
v2.0.0beta8 to rename users in mentions and quotes when anonymising, as well as support for anonymising a user’s IP addresses
A user’s right to a copy of their data
A user can download their activity as a .csv file by going to their activity summary. An admin can do this for other members by impersonating them.
A user’s right to modify their data
Depending on how you have configured your Discourse instance, a user can modify their data via their personal preferences and/or by contacting an Admin.
Gaining consent
You can customise your own instance to include a mandatory custom field on registration or you could use the Custom Wizard Plugin as a means to gain consent.