Checking if my forum complies with GDPR

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
I would like to know how I can check if my forum complies with GDPR. For example, if a user is not able to delete their own account, is that a breach of GDPR?
 

Ingenious

Fan
Joined
May 4, 2011
Messages
805
A user does not need to have the ability to delete their own account. But if they ask you to delete their account, you should comply.

I would offer to check your forum but you wouldn't tell me what it was, even by PM :unsure:
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
I'm asking because I received an email from a user saying that they want to delete their own account, and the functionality wasn't working. The user was saying that this is a breach of GDPR, so I had to activate the feature.
 

kik0lasi

Aspirant
Joined
Mar 17, 2020
Messages
16
I'm asking because I received an email from a user saying that they want to delete their own account, and the functionality wasn't working. The user was saying that this is a breach of GDPR, so I had to activate the feature.
Just delete it manually yourself. Here in Spain some famous forums do that: they don't have a button for deleting an account, they delete it when asked.
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
Alright, so I don't break any law by not having that on my forum?

Don't really want to get into any trouble :)
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,332
Ideally you should familiarise yourself with your particular country's implementation of GDPR. While the aim is generally the same, there can be subtle differences between locations.

You also need to be clear what it is you mean by 'account'. Is it the details a member used to sign up to your forum with or is it those details plus all of the content they have created?

If it's just their sign up details then whether they self delete or do it by request is largely irrelevant because it has little or no impact on your forum. Personally I only do it by request because I want the member to know the action is not reversible.

If the request includes content I would never allow the member to self delete because of the impact it could have on my forum's threads. I would of course manually delete any personally identifiable information (PII) as required by GDPR.

I can't tell you whether you are legally obligated to provide a self deletion option because it might depend on your location. However as far as I'm aware it's generally not a requirement in most countries.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,486
So standard GDPR XenForo is enough for the forum then in the UK?
It's not 100%, but that said, it should be more than good enough to stay within the law. But always make sure yourself that it's within the law; remember, you are responsible, not the maker of the software, and you will get the bill.
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
Then most likely I will leave the option available for those users; I don't really want to get any problems. Is there any way to get the forum checked to see if I comply with GDPR in the UK?
 

evcom

Aspirant
Joined
Apr 27, 2018
Messages
31
As mentioned above, there is no need to have the option available to delete the account. Due to the nature of the account (the user might have posted a lot of content), I would suggest that this process remains in the hands of the admin.

I am not aware that there is a service that would check for GDPR compliance. And if there were, it would be quite a costly exercise, as the service provider would have to go through all processes, the privacy policy, etc. I think there is no way around it other than to dive into the subject yourself. Once you get settled in a bit, you will discover that GDPR is not just here to make our lives more difficult; it can also be used to make your site more credible and trustworthy and to improve usability.
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
I've tried to check my forum through a cookiebot site, and the answer was that it is not compliant. I was wondering how true that can be, as this is probably a way to get money from people.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,576
If your forum software is already GDPR-compliant (done on a best effort basis), you should just ensure that the addons you use also are or were updated accordingly. Your findings might surprise you...
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
If your forum software is already GDPR-compliant (done on a best effort basis), you should just ensure that the addons you use also are or were updated accordingly. Your findings might surprise you...
That's interesting then; it depends on what type of addons I'm using too?
 

evcom

Aspirant
Joined
Apr 27, 2018
Messages
31
The type of addons or software used is one thing. It should have the functionality to be GDPR compliant. GDPR is about the following principles:
  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
So besides having the right software product, the admin must ensure it's properly configured to make use of the GDPR functionality and that the principles are adhered to in the best way possible. Cookiebots are not really up to this.
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
Thanks, I really hope then that all addons are GDPR compliant. Is there a way to check this, apart from getting in touch with the developers?
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,576
That's interesting then; it depends on what type of addons I'm using too?
Official addons are generally part of vendors' GDPR compliance pledge.
3rd-party addons may integrate calls to 3rd-party websites and APIs for remote services whose privacy policies can undercut your compliance.
In addition, 3rd-party and outdated addons failing PHP 7+ compatibility and security audits could silently generate issues that will undermine the rest of your compliance efforts.
 

Faust

Enthusiast
Joined
Feb 19, 2020
Messages
221
Official addons are generally part of vendors' GDPR compliance pledge.
3rd-party addons may integrate calls to 3rd-party websites and APIs for remote services whose privacy policies can undercut your compliance.
In addition, 3rd-party and outdated addons failing PHP 7+ compatibility and security audits could silently generate issues that will undermine the rest of your compliance efforts.
Then the installed addons on my forum shouldn't have any issues, as I'm running the latest version of XF?
 