After some weeks with GDPR experience we came to several cases related to user deletion process we would like to see optimized.
- When a user account is deleted in the standard process in user management, via csv upload with delete field or external tools (LDAP, webservices etc.) the GDPR compliant process is not started. That means we will store user data in our site without any option to delete them completely.
- When a user account was deleted in former days we can't see the user account in the system but data are available in the database.
This brings me to the question how we can delete such data effectively. Here some ideas:
- Site setting for user management that user account deletion starts privacy API user account delete process starts automatically or the user account is added to the list of accounts for manual confirmation
- In user upload process settings an additional option settings allows definition how to handle delete in formation in csv file.
- For external processes that delete user accounts it should be possible to trigger the privacy API delete process.
- User accounts in database that are deleted earlier and that are invisible in the interface should be cleaned up on request by an admin process.
For each of the cases the options could be auto delete by privacy API or adding to the bulk deletion process in privacy API.