These improvements are welcome, but there are a few issues that still need to be addressed.
One is regarding the ability to either disable the collection or anonymize personal data that is not critical to the software functionalities. I'm thinking about IP address in logs, for example. I don't know if there are other items.
Regarding cookies, I think GDPR requires affirmative user action for things like accepting cookies. Thus, IPS should not set any cookie until it has user consent, and it should also provide an opt-out mechanism. I believe this is not done in current version (I didn't test 4.2.7 yet).
Using embedded content also means the users may get cookies from external domains/services. So, we need more control on the embeds that are enabled, to make sure we don't add unexpected cookies. It would also be nice to be able to rebuild posts and remove external embedded content.
IDG reacted to ptprog in How Invision Community's tools can help with GDPR compliance
