Data protection has been an important issue for the operator of a forum at least since the GDPR came into force. WoltLab offers with WoltLab Suite a professional forum software for a GDPR compliant operation of an own forum. We explain the most important things to consider.
- Name and address of the person in charge
- Purposes for which personal data are processed
- Legal basis for data processing
- Data storage duration
- Rights of the persons concerned
2. Storage of IP addresses
The long-term storage of IP addresses in a forum is legally questionable, as the GDPR requires that personal data (including IP addresses) is to be stored only for as long as necessary. In addition, a user has the right to request information about the data stored about them, as well as to request complete deletion of the data. Both would be difficult to implement in practice if many stored IP addresses have accumulated for a user who, for example, has written many forum posts. We therefore recommend disabling the permanent storage of IP addresses. The corresponding setting can be found in the administration interface under "Configuration -> Options -> Modules -> System -> Save IP addresses".
3. SSL/TLS Encryption
The GDPR requires appropriate technical and organisational measures to protect the data entered in forms from being access by third parties. SSL/TLS encryption secures the communication between the user and the website and thus provides a sufficient level of protection. Furthermore, the use of encryption is expressly recommended by some search engines, e.g. Google, and has a positive effect on search result rankings.
The activation of SSL/TLS encryption is solely performed and controlled by the web server, please contact your provider if you require assistance to get this to work. Neither WoltLab Suite 3.x/5.x nor Burning Board 4.1 will require any configuration in this regards.
4. Embedding External Content
5. Right to Erasure (Art. 17 GDPR)
Users can demand from the operator of a forum that the personal data concerning them be completely deleted. This includes, for example, the e-mail address, possibly stored IP addresses, but also forum posts, if they contain personal data. WoltLab Suite's user administration allows the user profile as well as the content created by a user to be deleted easily and conveniently.
6. Right to Data Portability (Art. 20 GDPR)
Users of the forum have the right to receive personal data concerning them in a structured, common and machine-readable format. WoltLab Suite provides a suitable function in the user administration for the corresponding export of this data.