Matt

We will. Which is why we're watching GDPR closely but not knee-jerking a bunch of half baked features into life that may never be needed or used.

Haha, just as I start my diet. Thanks!

I made this change for 4.3.3.

We can look at that in a future release. One thing I'm always mindful of is security of the account. What would a checkbox on a single use form do?

Something to consider for a future release. You should be able to hook into it.

We will see how it goes and look into other options in future releases.

I have, which is why I settled on "Guest" to completely anonymise it and ensure no mining or pattern matching could occur. That really is not required. It should all in the T&S and Privacy Policy which you have to opt-in to when registering, and this opt-in is recorded. GDPR is not about putting a checkbox in front of every possible interaction with the site. What a nightmare that would be for everyone.

All very sensible yes. There's a new Admin permission mask for the exports, so you can disable this per admin if you wanted to.

And LEGO®, SEGA®, Warner Bros, etc. 🙂

Unless you've been living under a rock, or forgot to opt-in to the memo, GDPR is just around the corner. Last week we wrote a blog answering your questions on becoming GDPR compliant with Invision Community. We took away a few good points from that discussion and have the following updates coming up for Invision Community 4.3.3 due early next week. Downloading Personal Data Invision Community already has a method of downloading member data via the member export feature that produces a CSV. However, we wanted Invision Community to be more helpful, so we've added a feature that downloads personal data (such as name, email address, known IP addresses, known devices, opt in details and customer data from Nexus if you're using that) in a handy XML format which is very portable and machine readable. You can access this feature via the ACP member view The download itself is in a standard XML format. A sample export Pruning IP Addresses While there is much debate about whether IP addresses are personal information or not, a good number of our customers requested a way to remove IP addresses from older content. There are legitimate reasons to store IP addresses for purchase transactions (so fraud can be detected), for security logs (to prevent hackers gaining access) and to prevent spammers registering. However, under the bullet point of not storing information for longer than is required, we have added this feature to remove IP addresses from posted content (reviews, comments, posts, personal messages, etc) after a threshold. The default is 'Never', so don't worry. Post upgrade you won't see IP addresses removed unless you enter a value. This new setting is under Posting Deleting Members Invision Community has always had a way to delete a member and retain their content under a "Guest" name. We've cleaned this up in 4.3.3. When you delete a member, but want to retain their content, you are offered an option to anonymise this. Choosing this option attributes all posted content to 'Guest' and removes any stored IP addresses. Deleting a member Privacy Policy We've added a neat little feature to automatically list third parties you use on your privacy policy. If you enable Google Analytics, or Facebook Pixel, etc, these are added for you. The new setting Finding Settings Easily To make life a little easier, we've added "GDPR" as a live search keyword for the ACP. Simply tap that into the large search bar and Invision Community will list the relevant settings you may want to change. These changes show our ongoing commitment to helping you with your GDPR compliance. We'll be watching how GDPR in practise unfolds next month and will continue to adapt where required. Invision Community 4.3.3 is due out early next week.

Yes, I think we're wandering down a different path now. The new blog will be up in about 5 minutes.

I personally do not feel that public posts or personal messages constitute 'personal data'. I see that more like email address, age, address, credit card details, etc.

Yes, typo fixed. I meant explicit but my brain substituted the word incorrectly. The intention was always explicit consent as the surrounding text illustrated. If you're more comfortable removing IP addresses from content data, then get in touch with support and we'll show you the queries to run on your database (assuming you make back-ups, and are comfortable with admin tasks like that, etc, etc).

GDPR does not stop you storing information. It just asks that you are transparent about what you store - and don't store more information that is needed. The user can request that information be deleted. You'd use the "Delete member" feature to do this.

Invision Community only ever sets functional cookies. These may be to track a session, or they may be a result of a user instigating a feature (like the shopping cart, clicking Mark as read, etc) which are fine to set. What did you have in mind?