Another GDPR Issue! Member Hiding Their Details

Whilst we run a membership organisation for business people to connect, do business etc, we have had a few questions about authority to publish member details in a list.

Our member list is only available to other members, however, is there a way to hide members details from the list? They can already select which bits are published but getting them to confirm initial publication (i.e. switch listing & profile on/off) would be extremely GDPR compliant.

I have been looking around and am sure this feature exists or can be created, but cannot find out how to do this. Anyone with pointers?

You can use CB Privacy and its profile privacy field, which will hide them from userlists as well. If you mean to just be excluded from specific userlists you can create a checkbox field then add a filter to your userlist to not show anyone that doesn't have the field checked or does have it checked.

With that said I believe you've a misunderstanding of GDPRs "Privacy by Design", which has actually nothing to do with forward facing aspect of your site and everything to do with the security of their data (e.g. no exposing passwords to others, no plain text stored passwords, plain text stored credit card numbers, or other plain text stored highly sensitive personal data). You do not have to offer them an option to be excluded from your userlist. You don't have to offer them privacy selection options on the forward facing aspect of your site at all in fact. This is covered in my blog below, which I highly recommend everyone read.

www.joomlapolis.com/blog/kyle/18788-gdpr-compliance-with-community-builder

Kyle,

thanks for the confirmation.

There is some interpretation needed in the guidelines and it is more about giving members choice. No one ever congratulates you for doing a good job (unless it is you guys, here!), but, give someone the chance to complain and BANG!

Kyle,

we are being advised to take a strong & cautious approach to member details (it maybe overkill, but we want to very 'clean' with GDPR).

Is there an easy way to move everyone to Profile Privacy 'Private'? I have been looking at amending everyone on the db, but cannot see which field to change. Ideally, I would to not touch the db, but if I have to, can you advise what to change?

Again, you do not have to do that. That is not what GDPR is about. Will making everyone's profile private defeat the purpose of your site? Is it not clear what is visible (the visible on profile icon is satisfactory for this disclosure)? Your members will no longer be able to see each others profiles in any way. This again is not necessary to be GDPR compliance as explained above and in my blog.

With that said delete all the profile.USER_ID privacy rules within backend CB Privacy > Privacy and set the Profile Privacy fields default to Private. This will force everyone, new and existing, profiles to private.