luceos Generally the part of the law that most affects Flarum is the "Data subject rights", this site has a pretty good summary of what that means. Notable flarum would need to do the following:
- Right to access
- This means that they can access their personal data, currently the only way to facilitate this is the admin exporting data from SQL queries. This could be automated, the law does not explicitly say how this data needs to be presented (so a JSON file or CSV should be good enough)
- Right to be forgotten
- This basically means that the user should be able to delete their own account. Currently discuss does this via request to the admins.
As an american I'm sure I'm missing some other things, but these two things I think are the most critical for Flarum. Most of the other stuff is up to administrators to do (write privacy policies, notify upon a breach, etc.)