General Data Protection Regulation (GDPR)

pmlewisuk7 years ago

HI

Does the package support GDPR? or any plans to?

I need to be able to display an EULA and a privacy statement :(

Regards

Mark

Anton Tananaev7 years ago

I haven't thought about GDPR, but what other than an EULA and a privacy statement needs to be there?

Jonny57 years ago

Hi,

What I understand about GDPR so far is the customer has to be informed on what personal data you collect, where you keep it, how you secure it and who you share it with.
There must be a time stamped audit trail of them agreeing to it's collection and use.
A mechanism must be in place for them to request all the data you hold on them.
They can request that all their data is deleted from all systems.

Hope this helps.

Jon

Anton Tananaev7 years ago

User always has access to all collected data, so it shouldn't be a problem.

Deleting user might be an issue because it can have shared devices with other users. What should happen in this case?

Other stuff, I guess, can be covered by terms and conditions page with user confirming it.

Jonny57 years ago

Not sure how feasible this idea is but what if a device was given an "owner" so it could be attributed to a user account.

For example when a new device is added the user who adds it becomes the owner by default.
If their account is deleted all devices they "own" will also be removed.

Ownership of a device can be transferred to another user with appropriate rights if required.
Transfer could only be performed by a user with the rights to do so.
I assume a transfer would require authorisation by all parties involved and documented. This would probably have to be managed by the owner of the site.
The law is somewhat difficult to interpret when it comes to these situations.