Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+7 votes
735 views
in Q2A Core by
edited by
Is there technically anything to be done in Q2A to meet GDPR requirements?
Q2A version: 1.8.0
by
What would technically imply for Q2A to be "GDPR ready"?
by
I've read somewhere that users need to have the option to have their profile pages private

3 Answers

0 votes
by
Good question. I don't know exactly what is required by GDPR. Q2A allows deleting of accounts by Administrators, so users can ask to have their account deleted. However, users cannot delete their own accounts, not sure if that is a requirement.

Very little information is kept in the profiles anyway. Users can easily delete everything there if they need to.
by
How can Admin delete a user account other than by SQL query?
by
@arjunsuresh, admin can delete user. first block user, then you will see option to delete.
by
By using this after selecting the qa_user
DELETE FROM `qa_users` WHERE email = 'user@email.com';
Or
DELETE FROM `qa_users` WHERE handle = 'username';
by
@ProThoughts Thanks for reminding :)
@arasahmed That is a bad way because it will still keep user points and user posts alive - provided the deletion is allowed by the Database.
by
As long as their posts don't contain identifying information and pseudonymization is properly used to dissassociate the posts from their initial account leaving questions asked by a deleted account should not be an issue I believe.
by
The main points that affect code are:

A check for private policy consent on contact form.
A check for private policy consent for not logged user on question, answer and comment forms if this option is allowed.
A check for private policy consent on register (that is correct now).

All the checks have to be unchecked by default.

A small extract that inform of main points of private policy (responsible, purpose, legitimation, recipient and rights) previous to consent should be placed with the check.
0 votes
by

If Scott does not know, then most probably Q2A is not ready for GDPR.

Complying with GDPR is vital. Any business found not sticking to the rules could be charged fines of up to €20 million or 4% of the company's global annual turnover.

http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

MAYBE a quick and dirty way to comply is to disable registering, delete existing users and allow only multimedia logins ( https://github.com/alixandru/q2a-open-login ).

by
as stated by desgrapador, current forum status is not enough to comply with the law at 100%. Is there any plugin or modification we can do to really improve it?

Especially to add new required checkboxes before asking a question or comment (logged and anonymous users)

Thanks!
by
An anonymous user sees this:
"Email me at this address if my question is answered or commented on:"

This option is CHECKED by default.  This is against GDPR.  It should be OFF by default.
by
You can change that in Admin > Posting > Select the check box for email notifications by default

But yes, it should be off by default as well as other checkboxes that should be opt-in and not opt-out if they interact with personal information. At least in Europe
by
edited by
You are right!  I changed it and now all users (registered and anonymous) need to OPT-IN to get email notifications, for each post they make.  This fixes it!

Thank you again.

Now, to make Q2a user-friendly, there should be an option in the user profile to permanently activate this, if the user really wants it.
+1 vote
by
by
Thanks, good article. Unless I’m mistaken I don’t think there’s anything Q2A needs to do. You can already delete users and/or hide their posts.
by
How about the cookies?  Is there a way to disable cookies for people that are not logged in?  I prefer to allow only anonymous postings and get rid of cookies.  

I have a very hard time implementing the OPT-IN cookie consent for Q2A.
by
You don’t need consent for necessary cookies.
by
What about adding a new required checkbox before asking a question or comment (logged and anonymous users)?

Not just the Email me one. I'm talking about the By sending this message you agree to our privacy policy or something like that.

Thanks

Welcome to the Q&A site for Question2Answer.

If you have a question about Q2A, please ask in English.

To report a bug, please create a new issue on Github or ask a question here with the bug tag.

If you just want to try Q2A, please use the demo site.

Categories

...