XF 1.5 Deleting users (GDPR)
- Thread starter HomerJ
- Start date
I thought so, thanks for clarification. Does this mean that once an account is deleted - any subsequent SAR requests wouldn't really be possible, as there's nothing to provide?
I'm aware we're not on a legal forum etc, just looking for some idea based on anyone's experience.
Sure, I believe quoted content is protected under Article 85 GDPR but in terms of actual personal account information (email address, DOB, IP addresses, etc) - excluding backups, on the live system - there wouldn't actually be anything to return, as it's been deleted from the database?
Lee
Well-known member
Just as a FYI it isnt acceptable to delete a user account rather than comply with a request for information.
Sure, but if that was the original course of events e.g. users asks for account to be deleted and the delete button is used. Then a month later decides to ask for a SAR - it's not longer possible as there's no info to provide, correct?
Taking it further, once an account is deleted via the delete button - I can't see why any further emails should be responded to? As they're now asking for info pertaining to an account that no longer exists. They no longer have a way to provide some unique bit of information about an account known only to the forum software and the person emailing (e.g. password, email address) - to identify themselves as being the account owner - as the account doesn't exist?
Lee
Well-known member
That is well and good as long as you aren't holding any other pertinent information such as IP addresses or email addresses and their content posted doesn't contain any personally identifiable information.
Ignoring a request isn't the recommended course of action. You can ask them to verify who they are and refuse a request if you have suspicion, but you cannot ignore a request completey.
Similar threads
- Question
- Suggestion
- Poll
