GDPR Principle 5 - How to delete data after storage period expires

5 years 11 months ago #304617 by cliffvt
Guys, as you probably know, GDPR Principle 5 requires that we
  • review the length of time we keep personal data;
  • consider the purpose or purposes you hold the information for in deciding whether (and for how long) to retain it;
  • securely delete information that is no longer needed for this purpose or these purposes; and
  • update, archive or securely delete information if it goes out of date.

In our case we are mandated to delete lapsed subscribers (disabled subscribers) after 3 years.

What would be the best way to automatically achieve that? We currently have hundreds of disabled subscribers on file from years back.

Is or has Community Builder Dev taken a position to provide capabilities specifically relating to GDPR - given that it's the law in all European Economic Areas, Norway and Iceland, and for anyone that holds EU citizen data, it would be much easier to have this as a standard function in CB rather than having to write scripts etc., which for me in any case is not that easy.

My apologies if I missed a directive you've already issued.


5 years 11 months ago - 5 years 11 months ago #304619 by krileon
Filter CB > User Management then mass-delete would be the fastest way to do this manually. You can automate user deletion I suppose using CB Auto Actions, but I don't recommend automating such an operation as, if not done 110% correctly, it could result in accidental deletion of active users.

Is or has Community Builder Dev taken a position to provide capabilities specifically relating to GDPR - given that it's the law in all European Economic Areas, Norway and Iceland, and for anyone that holds EU citizen data, it would be much easier to have this as a standard function in CB rather than having to write scripts etc., which for me in any case is not that easy.

Folks, please understand GDPR is not a problem for CB to solve. It is an individual problem you must solve for your own site. We provide tools to be compliant, at least in a manual way, we've no plans to hardcode in a "1 button GDPR compliant" feature; that would be impossible. GDPR needs to be evaluated on a per-site basis and per-country basis as these laws don't apply to everyone.

To clarify what I mean by this is you need to evaluate your need for compliance based off what you collect, for what purpose, and from whom. This makes it a problem for you to solve based off the needs of your site. CB itself is simply a tool and will provide tools to help with compliance, but we cannot meet every per-site usage need like data lifetime, which is entirely based off the services rendered by the site itself.

We will be providing a Joomla plugin, for free, to integrate with Joomla 3.9 core privacy extension meant to tackle this very thing when possible. CB Privacy itself can allow users to delete themselves, secure their data via privacy controls, and eventually will have an easy export feature built in.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: nant, schrammelmann, davidmarshall15
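
A dry-run selection for the 3-year rule discussed above, written as an added example (not Community Builder code and not from either poster): it only builds a deletion plan from an exported user list and refuses a plan that looks like a bad filter. The field names `disabled` and `lapsed_on` and the 50% cap are assumptions.

```python
from datetime import date

RETENTION_YEARS = 3   # from the thread: lapsed subscribers are deleted after 3 years
MAX_FRACTION = 0.5    # assumed safety cap: refuse a plan hitting more than half of all users


def cutoff(today, years=RETENTION_YEARS):
    """Date exactly `years` before `today` (29 Feb falls back to 28 Feb)."""
    try:
        return today.replace(year=today.year - years)
    except ValueError:
        return today.replace(year=today.year - years, day=28)


def plan_erasure(users, today, max_fraction=MAX_FRACTION):
    """Dry run: return (ids_to_delete, skipped) and never touch any data."""
    limit = cutoff(today)
    to_delete, skipped = [], {}
    for u in users:
        if not u["disabled"]:
            # An active account is never selected, whatever its dates say.
            skipped[u["id"]] = "active account"
        elif u["lapsed_on"] is None:
            skipped[u["id"]] = "no lapse date, needs manual review"
        elif u["lapsed_on"] > limit:
            skipped[u["id"]] = "still inside retention period"
        else:
            to_delete.append(u["id"])
    # Guard against the failure mode raised in the reply: a wrong filter
    # that would purge most of the user table.
    if users and len(to_delete) > max_fraction * len(users):
        raise RuntimeError(
            f"plan would delete {len(to_delete)} of {len(users)} users; "
            "filter is probably wrong, review manually")
    return to_delete, skipped


# Constructed sample export (hypothetical field names, not real data).
SAMPLE = [
    {"id": 1, "disabled": False, "lapsed_on": None},
    {"id": 2, "disabled": True, "lapsed_on": date(2014, 3, 1)},
    {"id": 3, "disabled": True, "lapsed_on": date(2017, 9, 30)},
    {"id": 4, "disabled": True, "lapsed_on": None},
    {"id": 5, "disabled": False, "lapsed_on": date(2013, 1, 1)},
    {"id": 6, "disabled": True, "lapsed_on": date(2015, 6, 15)},
]

if __name__ == "__main__":
    ids, skipped = plan_erasure(SAMPLE, today=date(2018, 6, 15))
    print("delete:", ids)
    for uid, why in skipped.items():
        print("keep", uid, "-", why)
```

The resulting id list is meant to be reviewed by a person and then applied through the manual filter and mass-delete route described in the reply.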


5 years 11 months ago #304623 by cliffvt
Guys

Folks, please understand GDPR is not a problem for CB to solve. It is an individual problem you must solve for your own site. We provide tools to be compliant, at least in a manual way, we've no plans to hardcode in a "1 button GDPR compliant" feature; that would be impossible. GDPR needs to be evaluated on a per-site basis and per-country basis as these laws don't apply to everyone.


I think this is where you are wrong - these laws apply GLOBALLY to anyone who processes EU citizens' data. I have received GDPR updates from literally tens of Joomla component, template and extension manufacturers, and I work for a software company as well and we updated our software to help our clients be GDPR compliant. It's one of the biggest privacy laws ever to come into effect, so if you think that basically your European clients are not important enough to provide some automated capabilities to for a major law that affects how we deal with data, and which CB IS ALL ABOUT, then it's a bit sad really.

As an example, one of our suppliers, J2Store (shopping cart for Joomla), issued a special GDPR APP that when uploaded (optional) makes it so easy to handle GDPR access requests, allows users to delete their data etc., which made our life very simple and made it much easier for us to comply.

I would appreciate you rethink this. I'm not being difficult, just practical, and if you are expecting all your affected clients to each do their own manual processing, and struggle on their own, then maybe it sends a strong message to us about how valuable we are or not to you.


5 years 11 months ago - 5 years 11 months ago #304624 by krileon

so if you think that basically your European clients are not important enough to provide some automated capabilities to for a major law that affects how we deal with data, and which CB IS ALL ABOUT, then it's a bit sad really.

That is not what I'm saying at all. We already provide the functionality to partially automate GDPR compliance and manual processes for the rest. We don't have a means of automating deleting users off a schedule and never will as it's far too dangerous to do. We have to weigh the pros and cons of implementing stuff like that. The big con is thousands of our users slamming support because they accidentally purged their entire database of user data.

As an example, one of our suppliers, J2Store (shopping cart for Joomla), issued a special GDPR APP that when uploaded (optional) makes it so easy to handle GDPR access requests, allows users to delete their data etc., which made our life very simple and made it much easier for us to comply.

Users can already delete themselves using CB Privacy and Joomla 3.9 privacy component will also allow this, which again we will integrate with. CB Privacy will also eventually allow a user to 1 click export their data, which again Joomla 3.9 privacy component will allow for this as well.

I would appreciate you rethink this. I'm not being difficult, just practical, and if you are expecting all your affected clients to each do their own manual processing, and struggle on their own, then maybe it sends a strong message to us about how valuable we are or not to you.

As said in my previous reply we will be integrating with Joomla's core privacy component meant to centralize handling of GDPR compliance. I see no reason for us to specifically design a plugin to handle this when we, and everyone else, should be integrating directly with Joomla's core component for handling this. This provides a centralized hub for GDPR compliance instead of a dozen per-component implementations, which ironically goes against GDPR as it needs to be easily accessible.



5 years 11 months ago #304629 by cliffvt
Thanks for the clarifications, let's leave it there.

Having worked with a team of top international lawyers on this for my own company around the effect and enforceability of the regulations on our global company, I would be a bit less hasty to say it cannot be enforced globally, of course it can, it's called "international law". Anyone with a Google browser can start looking this up. Here is one opinion: blog.returnpath.com/gdpr-impact-for-non-eu-companies/

The failure of someone in a non-European country to comply could lead to a lawsuit against them in Europe and a seizure of their European assets (and the person's assets in any of the many other countries in the world, including the USA, that recognize the judgments of European courts), and might, in general, put that person in a position of complying with European laws and court judgments, or not having any practical ability to do business with Europeans at all.
The following user(s) said Thank You: beat, krileon


5 years 11 months ago - 5 years 11 months ago #304640 by krileon
Have added some clarification to my original reply to help avoid some confusion. I'll be working on a blog on how to be GDPR compliant with CB and the products it offers. I'll provide instructions for those that are subscribers and those that are not, which will hopefully ease the process. Please keep in mind automation is not a requirement of GDPR and while we will provide as much automation as reasonably possible some things will have to be done manually (e.g. article 5 clause 1e is all about not keeping data longer than necessary; it's not possible for us to determine this for you, but tools are available to purge said data as needed).


The following user(s) said Thank You: beat, nant
