One issue I can see for existing forums is that there may be other information stored besides the email address, such as age, gender, location and so on that people have to explicitly approve for you to be allowed to use it. So, for anyone who already joined a forum before GDPR, they will need to approve the use of those details, or else the forum owner should delete them. Getting approval can be difficult - people ignore emails, emails get caught in spam traps, people don't read them correctly, people genuinely no longer want that data to be used...), so the forum owner will have to delete at least some existing information before the forum is compliant. To me, that sounds like a fair amount of work.
|