Re: Is this forum prepared for the GDPR?
- Posted by ABC Apr 29, 2018
- 2414 views
Is there a need to store any personal data on this website. I think not.
If we erase all personal data today then we should be prepared for GDPR.
Absolutely. This would definitively and completely solve the problem.
Just purge the database of email addresses, IP addresses, real names and locations. The last two show up on some users's profile page.
All we need is a list of approved passwords that allow access to the website.
A password does not have to be linked to any other information.
A username too, I'd wager.
Without an email authentication it becomes too easy for robots to spam a website. But, no need to keep the email address.
This. This is perfect.
Be careful here though. From what I understand, GDPR requires an explicit opt-in before email messages can be sent.
For logs, I think just keeping the IP addres in the web server logs until the logs roll over is good enough to resolve any problems with trolls or black-hat attackers. That complies with the GDPR as it falls under the legal obligation exception, where personal data can be collected and retained without consent when there is a legal obligation to do so.