This article will help you understand and configure features to support applicable GDPR requirements within your community.
Community managers have multiple options when deleting a user from the community. They may choose to delete the user and all of their content or anonymize their content by reassigning their contributions to a "former member" account. In both cases, the user's personal data is always removed. Note: If personal data is posted within content (example. forum thread) that information is not removed in the case of anonymization.
Yes. You can optionally allow users to delete their own accounts without community manager assistance. When enabled, users will have a "Delete my account" option in their profile settings page. When an account is removed this way, the user's contributions are assigned to the "former member" account and all of their personal data is removed. Note: If personal data is posted within content (example. forum thread) that information is not removed in the case of anonymization.
Yes. Community managers can use the member management to export users' data. See "How can administrators export a user's data" section of this article to learn more.
Yes. You can optionally enable users to initiate a data export on their own. When enabled, users will have an "Export my data" option in their profile settings. When the export is requested and completed, the user receives a private message with a time-sensitive (four days by default) export that contains all of their community data.
Community offers a way to track consent for overall site terms of service and privacy acceptance. Read this article to learn more.
Community only stores the last time a user consented. Tracking historical acceptance is feasible using a customization.
Deleting content is based on permission and roles in the platform. Under most situations, non-permission elevated users can delete their posts if there have been no responses. To handle all potential delete scenarios (example: accidentally posted private information) you may want to offer a process to request content to be removed - e.g. email a community manager.
Our GDPR strategy goes beyond our online community. Can I automate and/or be notified of necessary actions (example: user delete, user exports)?
Yes. Community offers a REST APIs for deleting users. Using webhooks, external systems can be notified of export request completion and user deletes.