- Thread starter
- #3
- Joined
- Mar 17, 2020
- Messages
- 16
Just delete it manually yourself. Here in Spain some famous forums do that, they dont have a button for deleting account, they delete it by asking for it.
- Thread starter
- #5
- Moderator
- #6
- Joined
- Aug 26, 2010
- Messages
- 8,450
Ideally you should familiarise yourself with your particular country's implementation of GDPR. While the aim is generally the same, there can be subtle differences between locations.
You also need to be clear what it is you mean by 'account'. Is it the details a member used to sign up to your forum with or is it those details plus all of the content they have created?
If it's just their sign up details then whether they self delete or do it by request is largely irrelevant because it has little or no impact on your forum. Personally I only do it by request because I want the member to know the action is not reversible.
If the request includes content I would never allow the member to self delete because of the impact it could have on my forum's threads. I would of course manually delete any personally identifiable information (PII) as required by GDPR.
I can't tell you whether you are legally obligated to provide a self deletion option because it might depend on your location. However as far as I'm aware it's generally not a requirement in most countries.
You also need to be clear what it is you mean by 'account'. Is it the details a member used to sign up to your forum with or is it those details plus all of the content they have created?
If it's just their sign up details then whether they self delete or do it by request is largely irrelevant because it has little or no impact on your forum. Personally I only do it by request because I want the member to know the action is not reversible.
If the request includes content I would never allow the member to self delete because of the impact it could have on my forum's threads. I would of course manually delete any personally identifiable information (PII) as required by GDPR.
I can't tell you whether you are legally obligated to provide a self deletion option because it might depend on your location. However as far as I'm aware it's generally not a requirement in most countries.
- Thread starter
- #7
- Moderator
- #8
- Joined
- Aug 26, 2010
- Messages
- 8,450
The ICO is responsible body in the UK https://ico.org.uk/for-organisation...-the-general-data-protection-regulation-gdpr/
The option to self delete is not a requirement in the UK.
- Thread starter
- #9
So standard GDPR XenForo, is enough for the forum then in UK ?
- Joined
- Jan 25, 2011
- Messages
- 5,964
its not 100% but that said its should be more then good enough to stay within the law. But always make sure if its within the law by yourself remember you are responsible not the maker of the software and you will get the bill.
- Thread starter
- #11
As mentioned above, there is no need to have the option available to delete the account. Due to the nature of the account (user might have posted a lot of content), I would suggest that this process remains in the hand of the admin.
I am not aware that there is a service that would check for GDPR compliance. And if there would be, it would be quite a costly exercise as the service provider would have to go through all processes, privacy policy, etc...I think there is no way around than to dive into the subject yourself. Once you get settled in a bit, you will discover that GDPR is not just here to make our lifes more difficult, it can also be used to make your sire more credible, trustworthy and to improve usability.
I am not aware that there is a service that would check for GDPR compliance. And if there would be, it would be quite a costly exercise as the service provider would have to go through all processes, privacy policy, etc...I think there is no way around than to dive into the subject yourself. Once you get settled in a bit, you will discover that GDPR is not just here to make our lifes more difficult, it can also be used to make your sire more credible, trustworthy and to improve usability.
- Thread starter
- #13
- Joined
- Jun 29, 2008
- Messages
- 6,818
If your forum software is already GDPR-compliant (done on a best effort basis), you should just ensure that the addons you use also are or were updated accordingly. Your findings might surprise you...
- Thread starter
- #15
That's interesting then, depends on what type of addons I'm using too ?
The type of addons or software used is one thing. It should have the functionality to be GDPR compliant.GDPR is about the following principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
- Joined
- Feb 19, 2015
- Messages
- 44
Have a read of https://gdpr-info.eu/art-17-gdpr/
- Thread starter
- #18
- Joined
- Jun 29, 2008
- Messages
- 6,818
Official addons are generally part of vendors' GDPR compliance pledge.
3rd-party addons may integrate calls to 3rd-party websites and apis for remote services whose privacy policies can undercut your compliance.
In additions, 3rdparty and outdated addons failing php7+ compatibility and security audits could silently generate issues that will undermine the rest of your compliance efforts.
- Thread starter
- #20
Then installed addons on my forum shouldn’t have any issues? as I’m running last version of Xf .