Reply To: COG Store

[limburger 21714xp 0]

(disclaimer : I’m not a lawyer and am only using my own limited experience in this as a result of my current job)

The GDPR (General Data Protection Regulation) states that you should only have access to (personal) data that is needed to do your job.

This is not a new concept, but (what should be ) common sense has been given ‘legal’ form (with very high fines that can kill small companies ).

Those maintaining the forum therefor should not have access to personal data like addresses and real world locations.
Likewise should those working at the webshop not have access to forum posts of any given customer.

This is a bit silly in small companies when people tend to wear multiple hats.

Another reason is that by separating these systems it is easier to remove users without causing problems (and potential data leaks) in the other one. This is the ‘The right to erasure’ which you might have heard about.

Such things are not impossibly to solve, but given that there is very little to gain and a ton of problems to be had it is better to be safe than sorry.

https://gdpr.eu/what-is-gdpr/