Data protection has been an important issue for forum operators at least since the GDPR came into force. With WoltLab Suite, WoltLab offers professional forum software for the GDPR-compliant operation of your own forum. We explain the most important things to consider.
- Name and address of the person in charge
- Purposes for which personal data are processed
- Legal basis for data processing
- Data storage duration
- Rights of the persons concerned
2. Storage of IP addresses
The long-term storage of IP addresses in a forum is legally questionable, as the GDPR requires that personal data (including IP addresses) is to be stored only for as long as necessary. In addition, a user has the right to request information about the data stored about them, as well as to request complete deletion of the data. Both would be difficult to implement in practice if many stored IP addresses have accumulated for a user who, for example, has written many forum posts. We therefore recommend disabling the permanent storage of IP addresses. The corresponding setting can be found in the administration interface under "Configuration -> Options -> Modules -> System -> Save IP addresses".
Database Queries to Remove Stored IP Addresses
Disabling the permanent storage of IP addresses prevents future addresses from being stored, but it has no impact on existing ones in your database. You may run the following database queries once to erase the previously saved IP addresses.
-- General, applies to everyone
UPDATE wcf1_conversation_message SET ipAddress = '';
UPDATE wcf1_user SET registrationIpAddress = '';

-- Only execute this one if the forum app is installed
UPDATE wbb1_post SET ipAddress = '';

-- Only execute this one if the blog app is installed
UPDATE blog1_entry SET ipAddress = '';

-- Only execute this one if the calendar app is installed
UPDATE calendar1_event SET ipAddress = '';

-- Only execute these ones if the filebase app is installed
UPDATE filebase1_file SET ipAddress = '';
UPDATE filebase1_file_download SET ipAddress = '';
UPDATE filebase1_file_version SET ipAddress = '';

-- Only execute this one if the gallery app is installed
UPDATE gallery1_image SET ipAddress = '';
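To confirm that the cleanup worked, the following read-only check counts the rows that still hold an IP address. It is an added example, not part of the original article or of WoltLab's documentation; it uses only the tables and columns named in the queries above and assumes the same table prefixes (wcf1_, wbb1_ and so on) as your installation.

```sql
-- Added verification example: every "remaining" value should be 0 after
-- the UPDATE statements have run. Rows with an empty string or NULL in the
-- column are treated as already cleared.

-- General, applies to everyone
SELECT 'wcf1_conversation_message.ipAddress' AS source, COUNT(*) AS remaining
  FROM wcf1_conversation_message
 WHERE ipAddress <> ''
UNION ALL
SELECT 'wcf1_user.registrationIpAddress', COUNT(*)
  FROM wcf1_user
 WHERE registrationIpAddress <> '';

-- Only execute this one if the forum app is installed
SELECT 'wbb1_post.ipAddress' AS source, COUNT(*) AS remaining
  FROM wbb1_post
 WHERE ipAddress <> '';

-- Only execute this one if the blog app is installed
SELECT 'blog1_entry.ipAddress' AS source, COUNT(*) AS remaining
  FROM blog1_entry
 WHERE ipAddress <> '';

-- Only execute this one if the calendar app is installed
SELECT 'calendar1_event.ipAddress' AS source, COUNT(*) AS remaining
  FROM calendar1_event
 WHERE ipAddress <> '';

-- Only execute this one if the filebase app is installed
SELECT 'filebase1_file.ipAddress' AS source, COUNT(*) AS remaining
  FROM filebase1_file
 WHERE ipAddress <> ''
UNION ALL
SELECT 'filebase1_file_download.ipAddress', COUNT(*)
  FROM filebase1_file_download
 WHERE ipAddress <> ''
UNION ALL
SELECT 'filebase1_file_version.ipAddress', COUNT(*)
  FROM filebase1_file_version
 WHERE ipAddress <> '';

-- Only execute this one if the gallery app is installed
SELECT 'gallery1_image.ipAddress' AS source, COUNT(*) AS remaining
  FROM gallery1_image
 WHERE ipAddress <> '';
```

If a count rises above 0 again later, the "Save IP addresses" option is still enabled and new addresses are being recorded.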
3. SSL/TLS Encryption
The GDPR requires appropriate technical and organisational measures to protect the data entered in forms from being accessed by third parties. SSL/TLS encryption secures the communication between the user and the website and thus provides a sufficient level of protection. Furthermore, the use of encryption is expressly recommended by some search engines, e.g. Google, and has a positive effect on search result rankings.
SSL/TLS encryption is enabled and controlled solely by the web server; please contact your provider if you need assistance setting it up. Neither WoltLab Suite 3.x/5.x nor Burning Board 4.1 requires any configuration in this regard.
4. Embedding External Content
5. Right to Erasure (Art. 17 GDPR)
Users can demand from the operator of a forum that the personal data concerning them be completely deleted. This includes, for example, the e-mail address, possibly stored IP addresses, but also forum posts, if they contain personal data. WoltLab Suite's user administration allows the user profile as well as the content created by a user to be deleted easily and conveniently.
6. Right to Data Portability (Art. 20 GDPR)
Users of the forum have the right to receive personal data concerning them in a structured, common and machine-readable format. WoltLab Suite provides a suitable function in the user administration for the corresponding export of this data.