GDPR, how to handle data removal request?

[bpn]

Got this email from Facebook (translated to English):

Quote

A Facebook user has requested that you delete all the data that your organization, domain.com connect, has collected on the person through Facebook.

Any advice on what to do?
Deleting members with posts is not an option due to the concerns TSP is rising here.

[opentype]

1 minute ago, bpn said:

Any advice what to do?

Delete the account. (not the content)

[Nathan Explosion]

6 minutes ago, bpn said:

has collected on the person through Facebook.

That's the important bit here...what have you collected through Facebook? Their account details, basically.

Content? Nope - none of that came from Facebook.

[TDBF]

31 minutes ago, bpn said:

Got this email from Facebook (translated to English):

Any advice on what to do?
Deleting members with posts is not an option due to the concerns TSP is rising here.

Just turn the member into a guest poster. That in theory should be enough.

[Matt]

Personally, I'd make sure I was running 4.3.3. Then I'd delete the member, but keep their content and choose the option to anonymise attribution.

[bpn]

Many thanks, I see that 4.3.3 takes care of the mentioned problem by making it possible to easily distinguish between posts made by deleted members, a very good solution.

A couple of suggestions:
Make it an option in the FB-connect registration procedure if you want your profile/cover photo be used, with disable as default. Even if you use a nickname you will still reveal your FB-identy thorough these images.
We have also changed the Display Name field descriptor from "Display Name" to "Nickname (Do not use your real name)"
Assist in keeping anonymity should reduce data removal requests from FB-members.

Include acceptance of the forum therms in the procedure.