Hello admins, I found many (many, many) GDPR topics but nothing that seemed to have this answer. I apologize if this is a duplicate.
I’m using Discourse with SSO, attached to a larger membership site. I’m trying to figure out what to do if a member of my site deletes their account.
Normally I’d say: well, I can call Discourse and anonymize their Discourse profile and that takes care of it. It’s probably okay that their posts stay public, and I’m going to change my TOS to specifically indicate that if you delete your account on my site, your public forum posts will remain under an anonymous username. That seems ok.
However, what happens if a week later, I get an email request from that person, requesting under GDPR that I delete all of their data?
Since I’ve already anonymized their account-- how can I determine what posts in Discourse were created by them?