Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Is Q2A GDPR ready?

+7 votes
614 views
asked Apr 12 in Q2A Core by Problemko
edited Apr 13 by Problemko
Is there technically anything to be done in Q2A to meet GDPR requirements?
Q2A version: 1.8.0
commented Apr 12 by pupi1985
What would it technically imply for Q2A to be "GDPR ready"?
commented Apr 13 by Alvaro A Fernandez
I've read somewhere that users need to have the option to have their profile pages private

3 Answers

0 votes
answered Apr 14 by Scott
Good question. I don't know exactly what is required by GDPR. Q2A allows deleting of accounts by Administrators, so users can ask to have their account deleted. However, users cannot delete their own accounts, not sure if that is a requirement.

Very little information is kept in the profiles anyway. Users can easily delete everything there if they need to.
commented May 9 by arend.danielek
As long as their posts don't contain identifying information and pseudonymization is properly used to disassociate the posts from their initial account, leaving questions asked by a deleted account should not be an issue, I believe.
commented May 9 by desgrapador
The main points that affect code are:

A check for privacy policy consent on the contact form.
A check for privacy policy consent for non-logged-in users on the question, answer and comment forms, if this option is allowed.
A check for privacy policy consent on registration (that is correct now).

All the checks have to be unchecked by default.

A small extract that informs of the main points of the privacy policy (responsible, purpose, legitimation, recipient and rights) prior to consent should be placed with the check.
0 votes
answered May 11 by bobptz

If Scott does not know, then most probably Q2A is not ready for GDPR.

Complying with GDPR is vital. Any business found not sticking to the rules could be charged fines of up to €20 million or 4% of the company's global annual turnover.

http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

MAYBE a quick and dirty way to comply is to disable registering, delete existing users and allow only multimedia logins ( https://github.com/alixandru/q2a-open-login ).

commented May 25 by questfor
You can change that in Admin > Posting > Select the check box for email notifications by default

But yes, it should be off by default, as well as other checkboxes that should be opt-in and not opt-out if they interact with personal information. At least in Europe.
commented May 25 by bobptz
edited May 25 by bobptz
You are right! I changed it and now all users (registered and anonymous) need to OPT-IN to get email notifications, for each post they make. This fixes it!

Thank you again.

Now, to make Q2A user-friendly, there should be an option in the user profile to permanently activate this, if the user really wants it.
+1 vote
answered Jul 2 by bobptz
commented Jul 5 by Scott
You don’t need consent for necessary cookies.
commented Jul 6 by questfor
What about adding a new required checkbox before asking a question or comment (logged and anonymous users)?

Not just the "Email me" one. I'm talking about the "By sending this message you agree to our privacy policy" or something like that.

Thanks