- A site with a Data Protection Officer (DPO) role set up as described in the documentation Data Protection Officer role. A user should be assigned the role of DPO in the system context.
- The 'Contact Data Protection Office' checkbox to be ticked in 'Privacy settings' in the Site administration.
You may use the QA testing site for this test, which has a DPO role already set up and a user assigned the role. The site also has the 'Contact Data Protection Office' checkbox ticked.
- Log in as an ordinary user and go to your profile page.
- Click the 'Data requests' link.
- Click the 'New request' button then in the form select 'Delete all of my personal data' and enter a comment, then save changes.
- Verify that on the Data requests page, the message 'Your request has been submitted to the site's Data Protection Officer' is displayed and your data request is listed with status 'Pending'.
- Click the 'New request' button again, and try making another request to delete all of your personal data.
- Verify that the message 'You already have an ongoing request.' is displayed.
- Log out then log in as the DPO.
- Verify that you have an delete personal data request notification.
- Click the link to view the full notification and verify that the comment is correct.
- Click the 'Data requests' link and verify that the request is listed with status 'Awaiting approval'.
- In the actions dropdown try viewing the request then approving it.
- Verify that the request is now listed with status Approved.
- Log out then try logging in again the user.
- Verify that the message 'Invalid login, please try again' is displayed, and that you are unable to log in (as the account has been deleted).