The Old Man

Thanks for the updates.
As @The Old Man said it would be great if the download/delete etc was within the users own account admin so admins don’t have to manually do this for them each time. 

All very sensible yes. There's a new Admin permission mask for the exports, so you can disable this per admin if you wanted to.

These improvements and tools are excellent and well considered, just what we needed, thank you. 
I'd also urge some general caution and due diligence especially with any non-member requests for bulk personal data export, admins should put some procedures in place and make sure co-admins and staff are aware, to recognise a request and to reasonably check proof of identity before handing over bulk export data  to ex-members, banned or disgruntled ex-members who potentially have a grievance, or ex-members requesting deleting accounts. 
It may be useful for current registered members to have a convenient option in their Account Settings to be able to request an export, so export could be performed automatically and recorded in the member history audit trail.
I'd also urge caution in transmitting that XML data to the requester especially by email, be sure to provide some security such as sending it in a passworded and/or encrypted zip file. Double, triple check you're sending it to the correct person, email address!
 

These improvements and tools are excellent and well considered, just what we needed, thank you. 
I'd also urge some general caution and due diligence especially with any non-member requests for bulk personal data export, admins should put some procedures in place and make sure co-admins and staff are aware, to recognise a request and to reasonably check proof of identity before handing over bulk export data  to ex-members, banned or disgruntled ex-members who potentially have a grievance, or ex-members requesting deleting accounts. 
It may be useful for current registered members to have a convenient option in their Account Settings to be able to request an export, so export could be performed automatically and recorded in the member history audit trail.
I'd also urge caution in transmitting that XML data to the requester especially by email, be sure to provide some security such as sending it in a passworded and/or encrypted zip file. Double, triple check you're sending it to the correct person, email address!
 

And LEGO®, SEGA®, Warner Bros, etc. ?

More information will be made available about our position with regards to the GDPR in the next day or so and a few more provisions are being added to the software (this will be detailed more in the upcoming post) by the implementation deadline. Beyond that, I'd ask that you slow the roll so-to-speak on personal interpretations and armchair legalese for there is no need to get worked up into a frenzy. Much like Y2K when everyone thought the world was going to end, the power grid was going to shut down and we'd be left with a smoking pile of circuitry ashes - I assure you, May 26th will be uneventful and we will all carry on as normal - just with some additional data processing safeguards. The regulations will be further interpreted, tested via case law and the world (including IPS) will adapt accordingly. In the interim, please relax and wait for our next update this week. It should address the remaining concerns we've interpreted and determined to be valid. 
As an aside, the software does not prevent you from controlling content. It is not our position nor that of the numerous experts we've consulted with that contributed content to a public community-centric entity constitutes personal information in accordance with the GDPR. If you believe otherwise, the software allows you to delete that content upon receipt of a right to erasure request from a data subject. You can also include in your terms and conditions (which you can require your users to accept) verbiage that addresses copyright, if you so desire. All of this is your decision based on your (and ideally, your legal expert's) individual interpretation of applicable laws - we are just providing baseline tools based on our interpretation. 
Please stay tuned while we further address your GDPR concerns such as obtaining technical support, data portability, etc. 

Yes, as opentype said, the contact form does not need anything for GDPR. No data is stored. It's no different than when someone sends you an email. It would be silly to include a line saying "you have permission to reply to me."
Don't overthink what GDPR is for ?

Obviously I would not tell you to go against your lawyer's advice but I would note the contact us link in the footer is like 5 pixels to the right of the privacy policy link so you know... ?
As I said, the contact us form is basically a "send me an email" form so I do not personally see any GDPR impact anymore than someone just emailing you would have.

No! This is where people take GDPR too far and misunderstand the point. Of course a contact form requires contact data and contact data to be stored. Just as ordering a product requires a shipping and billing address to be stored. You don’t need addition consent. The GDPR changes nothing in that regard and requires nothing new. 
You just shouldn’t ask for more information than necessary and you shouldn’t use it for other purposes. When the contact form signs the user up for a marketing email list without his knowledge and consent – well, you can’t do that anymore. (And you shouldn’t have done it in the past.)

@We are Borg Since users can control their privacy through Google (through Google's personal privacy policy) as long as you make users aware that you are using google services and what you are tracking that is an unnecessary step. This is actually already a mandatory part of using things like Google Analytics and their ad service anyways.

Two points:
I would say that storing the IP address from which a post was made 5 years ago is storing more information than is needed. I just checked some private messages exchanged with a member that was deleted, and its IP address is still there (I did not check if posts also preserve this info), so it seems the possibility to delete a member is not enough to delete its personal data.

Once an account is deleted, the IP address then becomes associated with the Guest account and not user account Fred. As that is an anonymous account the IP is no longer Personally Identifiable Information and is therefore GDPR no longer applies to it.
 

Thanks for having our backs with this GDPRoller coaster ride. Much love.

Great follow up GDPR post by Matt, thank you. 
At the end of the day, do no evil! When you make a decision, don't be evil. Do the right thing, for the right reasons and with the best of intentions, just like we all do with many things In life. Why not reset your list and give everyone the opportunity to opt-in afresh. Your members will be reassured if they see you taking a responsible review and stance because you collect, process and store their data and you're being open about what you do and won't do with their personal information.  
As a responsible and well-meaning administrator, why would you worry or be unduly concerned about being seen to be open and transparent in your stance, by contacting your existing members who are currently opted-in (and/or putting a reminder on your site), that they are currently considered opted-in but that your inviting them to remain so and/or that you're resetting everyone's preferences to opted-out by default on a certain date. (You think they'll want to because of the benefits and service improvements that will be of interest to them, but you respect their decision and choice either way). 
Invite them to continue to receive email notifications (called transaction emails that are mostly automated and sent in response to an action) but not about every single little thing (after all you spent 20 minutes reviewing the current default notifications and have reduced them by resetting them to minimal or none for all existing and new members, because you want them to reach the mythical Inbox Zero and you too care about the planet, but this is how you can quickly review and enable/disable them at any time). 
If you've ever used a service like, ahem, Sparkpost, in the past (there are other email providers available), remember they will likely have a suppression list from members who have previously declined emails or bounced due to policy, so ideally that list should be replicated in IPS if you can, if you are keeping your current opted in member list and not restarting afresh, as sensible best practice (because it's the right thing to do, and you're not evil!). In fact, they remind you to import it from your old provider, if you have one, when you join.
We're all getting a deluge of emails these days from companies who are either resetting on or before GDPR day, inviting us to stay opted-in or to opt-in again. I'd always value a company or service provider more who goes the extra mile, doesn't brow beat me, and is open.
It's nice to be able to reset the switch and for a lot of companies, restrict your inbox and take some control back.

As a reminder to everyone, "InvisionPress" got more powerful in 4.3 with the oAuth 2 integration built directly into IPS which allows your members to login to both sites.  It's a huge leap to combine your Invision community with the worlds most popular CMS platform.  You can share members and content across both platforms now. Make sure you upgrade to 4.3 to take advantage of the new oAuth 2 feature with WP.  
Major bromance of Matt Mecham + Matt Mullenweg going on here.  

Great.  This is a huge weight off my mind.  Thank you all for taking the time to write this guide

That's a good suggestion +1
I keep seeing giant size pixelated emoticons in email notifications and posts on my 4.3.1 community. I added a custom emoticon to a message in Chatbox and it appeared 10x larger than it should! Does anyone else have this issue with their traditional emoticons?

Removing the image emoticons deletes the files. But you can keep a backup and upload them to the old location so they don’t break for older posts. 

Is there a way to have custom emoji categories being displayed before standard ones in the editor ?
 

I second this question - I would like my custom Emoticons to show first in the drop down box.

Funnily enough, I just set up a Wordpress site for one of my colleagues on a subdomain of ours and hadn't given any thought as to how to cross-promote. Guess what's going to happen next? ?

I would like to have a ref list implented in your software instead of using viglink.
So, if someone puts a link into a post eg. amazon or another shop ... your ref id should be added automaticly to the url.
 
 
 

I sell ads to vendors and have a custom solution for displaying them.
I also use Google ads.  We could really use some help there from IPS in that we are not supposed to display ads on certain pages, i.e. registration and others.  IPS builds in the option to display Google Ads, but does not prevent those from displaying where they should not.

That’s nothing new by the way. If you want to run legal websites that do any kind of business, you need to show yourself. If you want people to follow your terms or purchase something, that’s a contract with responsibilities and both parties need to know who they are even dealing with. 

Whilst these are nice and welcome improvements, but honestly I think uploading of member's locally hosted videos is a bit of an outdated concept these days, for reasons I mentioned above.
I think the bigger issue that many customers were hoping to see addressed for 4.3 is (IMHO) the long standing lack of support for fairly straightforward option to support embedding of  third-party hosted videos in the Gallery, which is something we've waited several years for.
With the reduction in server capacity until larger SSDs become the norm, for those who can't afford or use cloud storage, embedding YouTube, Vimeo, Twitch content in the Gallery has a much larger requirement.
Whilst I'm looking forward to seeing 4.3 released, in some ways, it's a bit of a shame to see 4.3 so feature locked at this stage, because much of the work was done in the background at IPS Area 51 before we had a chance to push for the largest feature feedback suggestions that seem to get lost in the feedback forum or via tickets.