After some discussion on open.rocket.chat it appears there is a major GDPR compliance issue with RocketChat and Livechat data which makes Rocket chat non GDPR compliant at this point of time if you use the Livechat widget (and possibly Form items via the API)
The issue originally raised was how to hide or disable the IP address collected for Livechat agents.
It transpires that not only is this data then stored in the Livechat record, but if that record is deleted the data remains in the database with no easy way to delete it.
This make anyone using a Livechat widget unable to comply with GDPR.
- On/Off switch for Email address collection in Widget
- On/Off switch for background IP address collection in Widget
- Deletion of Livechat record should remove all data from the database (retrospectively too)
References: https://github.com/RocketChat/Rocket.Chat/issues/9684 https://github.com/RocketChat/Rocket.Chat/pull/10584