We're proud to announce that NodeBB is the first forum software to become GDPR compliant.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union law intended to promote the protection of privacy and personal information. Its main goal is to give users more control over their personal data. It comes into force on 25 May 2018, and impacts any company or organization that has users in the EU.
To be in compliance with the GDPR, the storage of user data must meet the following standards:
- The data subject has given consent to the processing of personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary to protect the vital interests of the data subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.
What has NodeBB done to become GDPR compliant?
With the release of NodeBB 1.9.0, we have added a number of software features which will help forum owners ensure full GDPR compliance for their organization. These include:
- Data collection consent on user registration
  - New users can now be explicitly asked for consent to have their data collected and receive emails
- Data portability for users
  - Users are now able to download all their posts in CSV format, an archive of all their uploaded images, and a CSV file containing their user profile data and settings
- Ability for users to remove their account and content
  - Users are able to completely remove their personally identifiable data when deleting their account, and can choose to have all their forum contributions completely deleted by contacting an administrator
- GDPR information pages
  - An information page on forum GDPR compliance for administrators will be available to all NodeBB forums
To access these features, self-hosted NodeBB forum owners will be required to upgrade to version 1.9.0. We will work with our hosted customers to ensure that they are GDPR compliant, starting with our customers primarily serving customers in the EU. Please contact firstname.lastname@example.org if you have any questions.
For more information on the other features added with NodeBB release 1.9.0, please see https://blog.nodebb.org/whats-new-in-v1-9-0/