-
XWiki Standard only manipulate cookies which are functionally needed (mostly the id of the session and credentials related information to get automatically re-logged if you enable it) so that part should be fine from GDPR point of view. Then I guess it’s more about the policy of the specific XWiki instance run by someone (removing personal data if a user request it, etc.).
-
Here’s a checklist: GDPR compliance checklist - GDPR.eu
-
Cookie extension: https://store.xwiki.com/xwiki/bin/view/Extension/GDPRCookieConsent/
making sure someone in your organization is accountable for GDPR compliance.
Not that easy on xwiki.org
This is important for the running instance, not everything apply to us as XWiki Standard but some do apply to xwiki.org website.
We could have one of the committers take this role I guess but we’d need to find one willing to do so, same for DPO, etc
It’s easy for your customers to request and receive all the information you have about them.
Exporting the user profile page (with the xobject data) is one way to gather that info. Ofc if someone wrote personal info inside wiki pages, then it’s up to them to gather them but xwiki supports searching/tagging to help with this and page content can be exported.
Now we could also imagine an extension to help with this. It could list all user data + find all pages contributed to by the user (even possibly with diffs) + page content mentioning the user name/id (with a search).