GDPR, the General Data Protection Regulation (GDPR), took effect May 25th 2018. A European privacy law, GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. GDPR applies no matter where you are located.
In the Power Apps Community, the user can delete their MSA account permanently. The user will be signed out as soon as the account is deleted. Upon deletion of an MSA account, done from your Privacy Dashboard, your account with Power Apps Community is also deleted and all PII data is deleted permanently.
In the Power Apps Community, the user can close his/her AAD account permanently. The user will be signed out as soon as the account is closed. Closure clears all Personally identifiable information (PII) fields in the Community. Upon closure of an AAD account, done by your organizational administrator, your account with Power Apps Community is also closed and all personal data is deleted permanently.
When GDPR is enabled, Community members can opt to download his/her community content and personal information associated with his/her account for offline storage/reference. Community members who decide to leave the Community can download this content before they close his/her accounts. To download your Community content and personal information:
Users are able to partially delete PII data. In other words, users will be able to delete one or more of the identified PII fields selectively.
A user's contribution (posts, comments) and engagement (kudos, accepted solutions) will be retained in the community after account deletion. They will be disassociated to an anonymous user. The "Anonymous User" will have a standard user name and a default avatar to distinguish it from other users.
Users are advised not to share any personal data in posts or attachments, and the Community moderation policy is expected to enforce this. The "users delete option" will not systematically auto-clear any personal data inadvertently included in posts, attachments, messages, etc. This will fall under the purview of Community moderation.
The SLA for Account close is 30 days.
A deleted account can not be recovered if a user changes their decision at a later time. The user will need to wait 10 days before they can sign up again with the same email address, but this process does NOT recover the users community account. It treats the user as a fresh new user and none of his/her previous contributions can be restored.
After the required wait time, and if available, the user might be able to use the same user name in the Community. However, it will be treated as a new account with no association to the previous user.