Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62892

GDPR user delete process

XMLWordPrintable

    • MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE

      After some weeks with GDPR experience  we came to several cases related to user deletion process we would like to see optimized.

      • When a user account is deleted in the standard process in user management, via csv upload with delete field or external tools (LDAP, webservices etc.) the GDPR compliant process is not started. That means we will store user data in our site without  any option to delete them completely.
      • When a user account was deleted in former days we can't see the user account in the system but data are available in the database.

      This brings me to the question how we can delete such data effectively.  Here some ideas:

      • Site setting for user management that user account deletion starts privacy API user account delete process  starts automatically or the user account is added to the list of accounts for manual confirmation
      • In user upload process settings an additional option settings allows definition how to handle delete in formation in csv file.
      • For external processes that delete user accounts it should be possible to trigger the privacy API delete process.
      • User accounts in database  that are deleted earlier and that are invisible in the interface should be cleaned up on request by an admin process.

      For each of the cases the options could be auto delete by privacy API or adding to the bulk deletion process in privacy API.

      .

            Unassigned Unassigned
            ralfh Ralf Hilgenstock
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.