Is Q2A GDPR ready?

+7 votes
asked Apr 12 in Q2A Core by Problemko
edited Apr 13 by Problemko
Is there technically anything to be done in Q2A to meet GDPR requirements?
Q2A version: 1.8.0
commented Apr 12 by pupi1985
What would technically imply for Q2A to be "GDPR ready"?
commented Apr 13 by Alvaro A Fernandez
I've read somewhere that users need to have the option to have their profile pages private

3 Answers

0 votes
answered Apr 14 by Scott
Good question. I don't know exactly what is required by GDPR. Q2A allows deleting of accounts by Administrators, so users can ask to have their account deleted. However, users cannot delete their own accounts, not sure if that is a requirement.

Very little information is kept in the profiles anyway. Users can easily delete everything there if they need to.
commented Apr 18 by arasahmed
By using this after selecting the qa_user
DELETE FROM `qa_users` WHERE email = 'user@email.com';
DELETE FROM `qa_users` WHERE handle = 'username';
commented Apr 18 by arjunsuresh
@ProThoughts Thanks for reminding :)
@arasahmed That is a bad way because it will still keep user points and user posts alive - provided the deletion is allowed by the Database.
commented May 9 by arend.danielek
As long as their posts don't contain identifying information and pseudonymization is properly used to disassociate the posts from their initial account, leaving questions asked by a deleted account should not be an issue, I believe.
commented May 9 by desgrapador
The main points that affect code are:

A check for privacy policy consent on the contact form.
A check for privacy policy consent for users who are not logged in on question, answer and comment forms, if this option is allowed.
A check for privacy policy consent on registration (that is correct now).

All the checks have to be unchecked by default.

A small extract that informs of the main points of the privacy policy (responsible, purpose, legitimation, recipient and rights) prior to consent should be placed with the check.
0 votes
answered May 11 by bobptz

If Scott does not know, then most probably Q2A is not ready for GDPR.

Complying with GDPR is vital. Any business found not sticking to the rules could be charged fines of up to €20 million or 4% of the company's global annual turnover.



MAYBE a quick and dirty way to comply is to disable registering, delete existing users and allow only multimedia logins ( https://github.com/alixandru/q2a-open-login ).

commented May 25 by questfor
As stated by desgrapador, current forum status is not enough to comply with the law at 100%. Is there any plugin or modification we can do to really improve it?

Especially to add new required checkboxes before asking a question or comment (logged and anonymous users).

commented May 25 by bobptz
An anonymous user sees this:
"Email me at this address if my question is answered or commented on:"

This option is CHECKED by default. This is against GDPR. It should be OFF by default.
commented May 25 by questfor
You can change that in Admin > Posting > Select the check box for email notifications by default

But yes, it should be off by default, as well as other checkboxes that should be opt-in and not opt-out if they interact with personal information. At least in Europe.
commented May 25 by bobptz
edited May 25 by bobptz
You are right! I changed it and now all users (registered and anonymous) need to OPT-IN to get email notifications, for each post they make. This fixes it!

Thank you again.

Now, to make Q2a user-friendly, there should be an option in the user profile to permanently activate this, if the user really wants it.
+1 vote
answered Jul 2 by bobptz
commented Jul 4 by Scott
Thanks, good article. Unless I’m mistaken I don’t think there’s anything Q2A needs to do. You can already delete users and/or hide their posts.
commented Jul 4 by bobptz
How about the cookies? Is there a way to disable cookies for people that are not logged in? I prefer to allow only anonymous postings and get rid of cookies.

I have a very hard time implementing the OPT-IN cookie consent for Q2A.
commented Jul 5 by Scott
You don’t need consent for necessary cookies.
commented Jul 6 by questfor
What about adding a new required checkbox before asking a question or comment (logged and anonymous users)?

Not just the "Email me" one. I'm talking about the "By sending this message you agree to our privacy policy" or something like that.


