Skip to:
Content
Pages
Categories
Search
Top
Bottom

GDPR compliance


  • HDcms
    Participant

    @hdcms

    Hello
    Will it be possible to have GDPR compliance with the next version of buddypres?
    Notably by ticking a check box during registration that no longer appears for members
    Regards

Viewing 17 replies - 1 through 17 (of 17 total)

  • Henry Wright
    Moderator

    @henrywright

    I’m not sure that specific field will be added to core but I’m sure a plugin will be easy to build


    HDcms
    Participant

    @hdcms

    Hello,
    thank you for the answer

    Of course there will be plugins to perform this operation. It will be another plugin (on my community sites, I arrive at 40!, All essential to achieve features not made by buddypress).
    One more plugin, it is an additional risk of having incompatibilities, slower site, an obsolete version after 2 years …

    All forms are integrating rgpd. It seems logical that buddypress integrates rgpd, because of these private data.

    It would be nice if there is at least one type of field that after the entry is never displayed again, especially for the check box with the link of the rules of use.
    Regards


    Jose
    Participant

    @jgflores

    Hello you all!

    Since I am using BuddyPress, I have a couple of questions regarding the GDPR compliance:

    – Is this plugin setting cookies with personal information from visitors (like IP-address)?
    – Is this plugin collecting, storing and/or sending personal information from visitors (IP-address, etc.) locally and/or externally?

    In case that you are storing/sending and/or processing visitors’ information:

    – Are the IP addresses only stored anonymously, i.e. without the last octet?
    – What are you doing with the stored information?
    – Do you share the data with 3rd parties? If yes, have you concluded appropriate contracts with the subcontractors that commit the subcontractors equally to data protection?
    – When will the user data stored by you (in particular cookies) be deleted?
    – Do you offer opt-out options for users (if yes, how are they implemented)?
    – Can you provide us with a Data Processing Agreement including technical and organisational protection measures as well as an overview of the subcontractual relationships for signature?

    Thanks in advance for your replay!

    Best regards
    Jose


    Varun Dubey
    Participant

    @vapvarun

    @jgflores
    As per my understanding

    — BuddyPress does not save any data related to IP address inside cookies.
    — All the profile fields which you have created for your users are kept inside your WordPress database only, not linked to any 3rd party application. If you are using Akismet plugin for spam protection for BuddyPress, they will check logged in member IP address to cross check with their spammer’s database log, again that’s not the BuddyPress thing.


    EricTracz
    Participant

    @erictracz

    The problem is that BuddyPress has so many 3rd party extensions that building a GDPR compliant community is virtually impossible. Consider this.

    You use BuddyPress, plus some plugin for photos, other for location, another for videos etc. Even if BuddyPress will be GDPR compliant without those other plugins also hooking into it you CAN NOT assure that users can download all their data (it is one of the requirements). Right now, only PeepSo is fully GDPR compliant with the new release.


    HDcms
    Participant

    @hdcms

    Hello,
    It’s a question of choice. Buddypress is like a big form.
    I’m just asking for the possibility that there is a checkbox field at registration (with a link to a GDPR information page) that will no longer appear as a choice in the profile
    Regards


    Varun Dubey
    Participant

    @vapvarun

    @erictracz BuddyPress will also be ready with GDPR compliance in coming updates.
    There is an ongoing discussion about it.
    https://buddypress.trac.wordpress.org/ticket/7698

    For 3rd party plugin concern, Site owners are ultimately responsible for the all the plugins they are using at their site, and they also have to understand the functionality of each plugin including their data collection and storage methods before using them.

    Regarding 3rd party BuddyPress developers, after BuddyPress GDPR compliance release they can update their plugins to hook all user specific data at BuddyPress option which allow users to delete themselves.

    @hdcms You can create a profile fields with terms & condition or take a look at https://wordpress.org/plugins/simple-terms-and-conditions-for-buddypress/ plugin.


    HDcms
    Participant

    @hdcms

    Hi @vapvarun
    Thank you for the plugin but it is no longer updated.
    Asked to integrate it in next version of buddypress
    🙂


    BuddyBoss
    Participant

    @buddyboss

    We have released a plugin to help with GDPR compliance: https://wordpress.org/plugins/bp-gdpr/
    This will be helpful for now, until there is a major BuddyPress release with these features.


    Henry Wright
    Moderator

    @henrywright

    Good to see you’ve made something available to help with GDPR @buddyboss.


    angrywarrior
    Participant

    @angrywarrior

    How about Pseudonymisation and encryption of user data in BuddyPress?

    As I understand this must also be achieved under the GRPR directive.

    (And yes thank you @buddyboss for your initivite, it is step in the right direction).

    Our position is that we want BuddyPress to provide tools that help site owners comply with privacy legislation.

    Our 4.0 release, about a month away, will be our first pass at this. Read the latter comments in https://buddypress.trac.wordpress.org/ticket/7698 for linked/related tickets, as well as https://buddypress.trac.wordpress.org/query?status=reopened&status=assigned&status=reviewing&status=new&status=accepted&group=status&milestone=4.0 to see all issues assigned to 4.0 (7855, 7856, 7866, 7867, etc).


    angrywarrior
    Participant

    @angrywarrior

    Thank you @djpaul.

    However after reading and reviewing the threads you linked I cannot see anyone of you guys mentioning “user data pseudonymisation” which is required by the GDPR, while encryption is not. Encryption of the DB data is just highly recommended by EU GDPR regulation.


    HDcms
    Participant

    @hdcms

    Hi,
    The data export is a big complex project with the other plugins.
    I do not see again in the next version BP4, 2 more simple points:
    a) consent box on the registration form (native buddypress)
    b) delete storage of members who have not come for more than x years

    I do not see plugin for this deletion. In the meantime, is it possible to have a function that I will run once a day with a cron to delete members and their associated content?
    Preferably (with the TOS) delete after a date following the role (period1 to subscribe for example and period2 to subscribe for others)


    Venutius
    Moderator

    @venutius

    Have you looked at the BuddyPress GDPR plugin just released by BuddyBoss?


    HDcms
    Participant

    @hdcms

    @venutius
    Hi
    yes, I watched.
    This is interesting but reading the description, I see that it is the import / export is taken into account. This is not my requests and especially the periodic deletion setting counts of members that no longer come!


    Venutius
    Moderator

    @venutius

    You could write a plugin to do that outside of GDPR, it would need to run a regular cron job and delete all non admin users with a last active date beyond a certain threashold.

Viewing 17 replies - 1 through 17 (of 17 total)
  • You must be logged in to reply to this topic.
Skip to toolbar