You may even be able to keep comments/posts for longer for general compliance. You will need an audit explaining why and to be prepared to defend it. You won't be able to use such data for analytics.
This is based on my personal layman's understanding. I am NOT a lawyer. I am NOT your lawyer. If you need legal advice consult a competent lawyer in your jurisdiction.
If you are in the EU and press delete and the database owner (data controller) does not delete the post, then the database owner is now breaking the law. As of ?May? this will carry significant fines.
I don't think it's the case yet. GDPR will enforce the right to be forgotten and as such truly delete data about you, but other than that, I don't think there are other regulations forcing you to delete data.
I'm not familiar with the specifics of the law, but my guess would be that it does not require that something be deleted upon any delete button click. I would assume it requires full deletion when requested through proper channels.
There are plenty of cases where a system would not function correctly if you are actually erasing DB entries when a user clicks the delete button. In many cases, even the users themselves might expect to be able to undo or go to a delete list and see entries that were deleted.
No, they're required to delete data if you specifically ask them to (they most probably will change "delete account" to "deactivate" and you'll have to send them a snail mail request if you want a complete removal) and they're not obliged to delete data partially - it's either this (deleted=true) or whole account.
EDIT:
In my layman's opinion pressing that button is an explicit request to delete the data. Also the kind of behavior you are suggesting is not private-by-default and goes against the spirit of the law. I don't think that a judge will look kindly on it.
I am not a lawyer. I am not your lawyer. I suggest that you consult a lawyer.
Yes, but right now the law does not apply. In the future they probably will change 'delete' to 'hide' or even get rid of this option and then the rest of what I said applies. I incorrectly said "they're" instead of "they'll be".
Fines of up to 4% of worldwide revenue or €20 million, whichever is larger. Proving that the data is actually deleted is another matter, but the potential upper bounds of the fines alone place a pretty big incentive on treating all data as if it's tainted.
Many smaller tech companies aren't even chasing the European market yet. My guess is that this will make it an even less attractive market.
That being said, the jury is still out on whether the EU can successfully collect fines from exclusively US-based companies.
Large corporations like Google or Facebook have a presence in the EU and can be fined directly. Good luck in the courts enforcing GDPR against US-only companies who have no servers or physical presence there. I imagine it will be a difficult process and not worth the effort in most cases.
I suspect this is EXACTLY why Cambridge Analytica is located in the UK, and EXACTLY why they promoted the Brexit campaign: so that they would be exempt from EU privacy laws.
You have just been hired as their new rockstar developer. If HR lose you over this HR will be taking some flak.
Just speak to your future line manager and explain that you have returned a modified version of the contract and that you hope that they will agree to it soon because you are really excited to start working.
This is based on my personal layman's understanding. I am NOT a lawyer. I am NOT your lawyer. If you need legal advice consult a competent lawyer in your jurisdiction.