I don’t think the GDPR actually applies to my site, both because we have less than 250 employees, and because we don’t do routine processing of data. However, I still want to do some minimal GDPR compliance just to avoid any problems down the line. I’d like to update my ToS (which must be agreed to in order to register an account), to stipulate that those who register agree to Google Analytics cookie usage (as well as Open edX cookie usage obviously.).
How can I disable everyone’s account, and send a link via email that says “you must agree to the new ToS to keep using your account” and/or prompt them to agree to the updated ToS on their next login? (prompting on next login would be best, because people could claim they never got the email since it went to spam…)
In the interest of ToS accuracy, are there any other cookies I should be aware of that get built into Open edX? E.g. due to “share this course” via Twitter?