[Raion]

There's other developments afoot, but I did want to hear from the community on this to better understand the concerns of our EU users. 

When I started this I proudly boasted that I had no intention of complying with GDPR or any other EU regulations, especially as the site is based in the US, where EU law could only be enforced by a treaty. This treaty doesn't exist, so any fines they leveraged against me would simply be into collections until I settled in Europe (Which if people know me, I wouldn't even settle in my own native Portugal or Spain) or was in a country where they had a treaty sufficient to serve me with. 

The dust has settled and GDPR panic does seem to be overblown, and in some ways more of a whimper than an actual bark. That being said, if it's important to the EU members I'm willing to hear them out. 

There do exist plugins to deal with GDPR things, such as account deletion requests (I will probably not utilize this mode, as there's issues that phantom posts create in topics) the ability to download user data in a format, etc. The plugin is called MyBB Amnesia and it's by a guy called Kane Valentine, who goes by Kawaii (to be fair, he's got good taste in anime it seems, so I'm not judging him). 

Should we bother? Is any of this remotely important to anyone here? 

I will note, that I won't let censorship from the EU bleed into the forum. Whether that be over Article 13 or whatever they're calling it nowadays, or if someone gets upset if a user says "Germany sucks!" or whatever. It's not gonna happen here. But I do want to keep the EU users happy. So let me know if this is remotely important. No response means that "Yeah Raion, you suck and should toss this topic in the bin!" (this is a JonTron reference, the original is: "Wow, Bootleg Mufasa! You sure do suck, and I wish I never invited you over!" from the bootleg episode. If you don't go watch JonTron, go and watch him. Quality content from a Persian-American guy.)
Wow, Bootleg Mufasa! You sure do suck, and I wish I never invited you over!

[Trippynet]

The importance here is the ability to see personal information and to request deletion of it, plus to ensure that any personal information is stored securely. Oh, and to ensure that you're not storing unnecessary personal data. An important point is that GDPR only applies to personal data, not everything. Hence none-personal data, anonymised data etc. are not covered by GDPR.

Are posts personal information? I don't think so - unless someone posts personal information, and in which case they are making a conscious decision to share that data publicly. Hence so long as a user can view all personal data you hold on them, request deletion of their account/data (even if posts are retained), and so long as adequate measures are in place to protect user data - then you don't really have an issue.

Best bet is a simple "privacy policy" that sets these details out, and a check-box when registering to acknowledge that you agree that your data is stored in line with the site's privacy policy.

I agree that a lot of GDPR stuff is blown out of proportion, it's not that difficult to comply with GDPR really.

[jpstewart]

I can't find the link right now (short on time -- I'll look it up in a day or two if you want it), but I read an article about the GDPR from a reliable source that basically said it only applies to sites based in the EU or specifically marketed towards EU members. 

According to that article, a website based outside the EU and targeting either a global audience or non-EU countries does not need to comply with the GDPR, even if the site has users from EU countries where the GDPR would normally apply.  The GDPR would only come into play for a website based outside the EU if it offered one or more localized versions for EU countries.  So it doesn't apply to irixnet.org since you're based outside the EU and not specifically targeting member countries.  Now if you added irixnet.de or irixnet.fr with translations to the local language to target users from those countries (like Google does, for example), then the GDPR becomes relevant.

I've come to the conclusion that the GDPR is totally not applicable (which is stronger wording than saying it is "unenforceable") to the sites I manage in .ca.  I don't see how it could possibly apply to irixnet.org in its current form either.

[Raion]

Thanks for the input JP. I'm aware we got little obligation to apply the rules of the EU here, but if there's anything important to users here, I'd rather hear it from them since we're an international community.

[Jacques]

Thanks for the input JP. I'm aware we got little obligation to apply the rules of the EU here, but if there's anything important to users here, I'd rather hear it from them since we're an international community.

Couldn't care about gdpr here, the site doesn't hold any sensitive information on me so bleh.

[sgt_barnes]

IMHO, the whole thing burns down to the following: If you do business with EU customers (and therefore have something to loose when being sanctioned), then you should care about gdpr.

irixnet.org? Forget the whole stuff.

On a side note: I think you are already fully compliant, by securing your user database and deleting a user's personal data (or in other words: his name and e-mail) on request. And both is common sense for site admins, anyway.

This was hyped up way more than it should have been.