Hi.
I have to inplement the new eu gdpr policies and it got me thinking about composr.
Generally i think its in quite good shape with the cookie notices, opt-out and the encryption of the forums through the pem key files.

However what is the situation of encryption of all users profile data like name address email postcode etc.

This would be amazing if it could be implemented and would also need a one time encrypt to lock down existing data.

Any thoughts?

Is there a clear set of bulletpoints somewhere that shows what a website needs to do?

I just Googled around a bit and saw a lot of very vague speak from companies selling stuff.

I think probably improvements could be made regarding easy deletion and easy export of user data.

Regarding encryption, I didn't see a lot about that. Would not just running off an encrypted partition serve the purpose?

Encrypting at the DB level is not viable as you can't query it. Plus it would be an enormous amount of work. The encrypted CPFs are being handled as a special case.

Here's the tracker issue we have:
0000390: Data laws - Composr CMS feature tracker