I’m not sure that specific field will be added to core but I’m sure a plugin will be easy to build
thank you for the answer
Of course there will be plugins to perform this operation. It will be another plugin (on my community sites, I arrive at 40!, All essential to achieve features not made by buddypress).
One more plugin, it is an additional risk of having incompatibilities, slower site, an obsolete version after 2 years …
All forms are integrating rgpd. It seems logical that buddypress integrates rgpd, because of these private data.
It would be nice if there is at least one type of field that after the entry is never displayed again, especially for the check box with the link of the rules of use.
Hello you all!
Since I am using BuddyPress, I have a couple of questions regarding the GDPR compliance:
– Is this plugin setting cookies with personal information from visitors (like IP-address)?
– Is this plugin collecting, storing and/or sending personal information from visitors (IP-address, etc.) locally and/or externally?
In case that you are storing/sending and/or processing visitors’ information:
– Are the IP addresses only stored anonymously, i.e. without the last octet?
– What are you doing with the stored information?
– Do you share the data with 3rd parties? If yes, have you concluded appropriate contracts with the subcontractors that commit the subcontractors equally to data protection?
– When will the user data stored by you (in particular cookies) be deleted?
– Do you offer opt-out options for users (if yes, how are they implemented)?
– Can you provide us with a Data Processing Agreement including technical and organisational protection measures as well as an overview of the subcontractual relationships for signature?
Thanks in advance for your replay!
As per my understanding
— BuddyPress does not save any data related to IP address inside cookies.
— All the profile fields which you have created for your users are kept inside your WordPress database only, not linked to any 3rd party application. If you are using Akismet plugin for spam protection for BuddyPress, they will check logged in member IP address to cross check with their spammer’s database log, again that’s not the BuddyPress thing.
The problem is that BuddyPress has so many 3rd party extensions that building a GDPR compliant community is virtually impossible. Consider this.
You use BuddyPress, plus some plugin for photos, other for location, another for videos etc. Even if BuddyPress will be GDPR compliant without those other plugins also hooking into it you CAN NOT assure that users can download all their data (it is one of the requirements). Right now, only PeepSo is fully GDPR compliant with the new release.
It’s a question of choice. Buddypress is like a big form.
I’m just asking for the possibility that there is a checkbox field at registration (with a link to a GDPR information page) that will no longer appear as a choice in the profile
For 3rd party plugin concern, Site owners are ultimately responsible for the all the plugins they are using at their site, and they also have to understand the functionality of each plugin including their data collection and storage methods before using them.
Regarding 3rd party BuddyPress developers, after BuddyPress GDPR compliance release they can update their plugins to hook all user specific data at BuddyPress option which allow users to delete themselves.
@hdcms You can create a profile fields with terms & condition or take a look at https://wordpress.org/plugins/simple-terms-and-conditions-for-buddypress/ plugin.
Thank you for the plugin but it is no longer updated.
Asked to integrate it in next version of buddypress
We have released a plugin to help with GDPR compliance: https://wordpress.org/plugins/bp-gdpr/
This will be helpful for now, until there is a major BuddyPress release with these features.
Good to see you’ve made something available to help with GDPR @buddyboss.
How about Pseudonymisation and encryption of user data in BuddyPress?
As I understand this must also be achieved under the GRPR directive.
(And yes thank you @buddyboss for your initivite, it is step in the right direction).
Our position is that we want BuddyPress to provide tools that help site owners comply with privacy legislation.
Our 4.0 release, about a month away, will be our first pass at this. Read the latter comments in https://buddypress.trac.wordpress.org/ticket/7698 for linked/related tickets, as well as https://buddypress.trac.wordpress.org/query?status=reopened&status=assigned&status=reviewing&status=new&status=accepted&group=status&milestone=4.0 to see all issues assigned to 4.0 (7855, 7856, 7866, 7867, etc).
Thank you @djpaul.
However after reading and reviewing the threads you linked I cannot see anyone of you guys mentioning “user data pseudonymisation” which is required by the GDPR, while encryption is not. Encryption of the DB data is just highly recommended by EU GDPR regulation.
The data export is a big complex project with the other plugins.
I do not see again in the next version BP4, 2 more simple points:
a) consent box on the registration form (native buddypress)
b) delete storage of members who have not come for more than x years
I do not see plugin for this deletion. In the meantime, is it possible to have a function that I will run once a day with a cron to delete members and their associated content?
Preferably (with the TOS) delete after a date following the role (period1 to subscribe for example and period2 to subscribe for others)
Have you looked at the BuddyPress GDPR plugin just released by BuddyBoss?
yes, I watched.
This is interesting but reading the description, I see that it is the import / export is taken into account. This is not my requests and especially the periodic deletion setting counts of members that no longer come!
- You must be logged in to reply to this topic.