WordPress helps site owners comply with the GDPR. Couple of features are added in relation to “Right to Erasure” and “Right to data portability”, allowing site admins to export a ZIP file containing a user’s personal data and erase a user’s personal data.
On the other hand, BuddyPress integrates some features to make your BuddyPress Website GDPR Friendly. In order to respect the GDPR compliance, BuddyPress facilitates these features:
- Deletion of user account and all data (by the user, or an admin).
- Explain what types of data are collected, and how it is used.
- Data portability.
User account deletion
Some BuddyPress features are allowing users and site admins to manage member data and privacy. This way, you’re free to remove all data, or anonymise it.
Anonymising the data is de-personalising it, basically making it impossible to match a piece of content to its original author. The easiest solution is probably to delete the entire content. Otherwise, you might let some clue about the user’s profile. For example, a message chain, where a user is removed and their messages are stripped of identifiers, but because of the context (perhaps a second user’s subsequent message uses an at-mention), it might make it possible to understand who the modified message was written by.
Explain types of data collected
Site owners/data controllers need to be able to explain to their users what is collected and why.
Be aware that BuddyPress share some data to Automattic’s Akismet (their content, IP, etc) and Gravatar services (MD5’d email address, IP, etc). Akismet plugin is for spam protection. This plugin check logged in member IP address to cross check with their spammer’s database log. Unfortunately, BuddyPress has nothing to de with that. In case you don’t want to allow that, you need to report this to the Akismet plugin authors.
Note that all the profile fields you might add for your users are kept inside your WordPress database only, they’re not linked to any 3rd party application. Moreover, BuddyPress doesn’t save any data related to IP address inside cookies.
Note that BuddyPress integrates with WordPress’ Privacy Policy tools. When you create or update your Privacy Policy, BP will suggest text that’s specifically tailored to the kinds of social data generated on your site. BuddyPress will prompt registering users to agree to the Privacy Policy.
Data portability
Being GDPR friendly involves to allow users and admin to be able to export data in a readable and reusable format.
For this reason, the “Export Data” Settings panel lets users request an export of all BuddyPress data they’ve created. BuddyPress integrates seamlessly with the data export functionality introduced in WordPress, and BP data is included in exports that are initiated either from the Export Data panel or via WP\’s Tools > Export Personal Data interface.
To know more about BuddyPress and the GDPR, don’t hesitate to contact BuddyPress support.