I’ll admit that I haven’t been watching the proceedings too closely. Should I be issuing an updated privacy policy to address changes related to GDPR?
You could draw on this one:
Very likely. The site does save private info. On the other hand, I think I’m the only person here who admits to living in Europe, and I don’t give a hoot.
I’m going to work my way through this and see where I can improve.
I have a privacy policy template from Lawtrades if we want something to start with.
More seriously, probably not too difficult to make any necessary changes and be able to feel good about it. Here’s a discourse-specific how-to: https://www.discoursehosting.com/your-discourse-forum-and-the-gdpr/
The primary tenets of GDPR are that the user owns their data. As long as the privacy policy clearly spells out how data is used, there’s a way for user data to be exported (which Discourse already should have), and have your data removed (this I’m not so sure about) then most checkboxes are ticked.
While this isn’t a money making venture, GDPR is still something to at least be nominally concerned about.