The GDPR is something I take very seriously.
However, my forums do not have legal teams to pick through this new and poorly-defined law.
The fines are huge, and there are always axe-grinding members looking to cause trouble for a forum. For me to keep running forums, I need to know the software I’m using is compliant with the new law.
If I interpret the law correctly then we need to ensure the following:
-
If IPs have been stored for users without their consent, they absolutely need to be scrubbed from our database and no longer stored for anonymous visitors.
-
When a signed up (or signing up) user visits the forum they need to see a consent screen with an unticked box and an explanation of how the IP will be used
-
If consent is not given, they cannot be allowed to use the forum.
For the record, I absolutely deplore laws like this as do a poor job of protecting our rights yet they harm millions of businesses and scare the hell out of well-meaning and ethical operators.
I’m absolutely relying on the Discourse team here to take some action to protect its forum operators.