This article will help you understand and configure features to support applicable GDPR requirements within your community.
Right to Erasure ('Right to be Forgotten')
As a community manager, how do I delete a user and their personal data from the community?
Community managers have multiple options when deleting a user from the community. They may choose to delete the user and all of their content or anonymize their content by reassigning their contributions to a "former member" account. In both cases, the user's personal data is always removed. Note: If personal data is posted within content (example. forum thread) that information is not removed in the case of anonymization.
Can users delete their own data (self-delete) and leave the community?
Yes. You can optionally allow users to delete their own accounts without community manager assistance. When enabled, users will have a "Delete my account" option in their profile settings page. When an account is removed this way, the user's contributions are assigned to the "former member" account and all of their personal data is removed. Note: If personal data is posted within content (example. forum thread) that information is not removed in the case of anonymization.
Data Portability
As a community manager, can I export users' data?
Yes. Community managers can use the member management to export users' data. See "How can administrators export a user's data" section of this article to learn more.
Can users export their own data without asking the community manager?
Yes. You can optionally enable users to initiate a data export on their own. When enabled, users will have an "Export my data" option in their profile settings. When the export is requested and completed, the user receives a private message with a time-sensitive (four days by default) export that contains all of their community data.
Consent for processing personal data
Can I track user consent to terms of service and privacy?
Community offers a way to track consent for overall site terms of service and privacy acceptance. Read this article to learn more.
Does Community track historical user consent?
Community only stores the last time a user consented. Tracking historical acceptance is feasible using a customization.
Other
Can users delete any single piece of content they have authored?
Deleting content is based on permission and roles in the platform. Under most situations, non-permission elevated users can delete their posts if there have been no responses. To handle all potential delete scenarios (example: accidentally posted private information) you may want to offer a process to request content to be removed - e.g. email a community manager.
Our GDPR strategy goes beyond our online community. Can I automate and/or be notified of necessary actions (example: user delete, user exports)?
Yes. Community offers a REST APIs for deleting users. Using webhooks, external systems can be notified of export request completion and user deletes.