[wp-trac] [WordPress Trac] #43443: Add a method for confirmation of requests for deleting or anonymizing of personal data

WordPress Trac noreply at wordpress.org
Thu Mar 8 00:00:29 UTC 2018 

#43443: Add a method for confirmation of requests for deleting or anonymizing of
personal data
-------------------------------------------------+-------------------------
 Reporter:  azaozz                               |       Owner:  mikejolley
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.0
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  gdpr has-patch dev-feedback needs-   |     Focuses:
  testing                                        |
-------------------------------------------------+-------------------------

Comment (by allendav):

 Replying to [comment:5 azaozz]:
 > > Log confirmed requests and perhaps show them on the dashboard
 >
 > Was thinking about this a bit more: instead of deleting the confirmation
 token from the DB perhaps we can set a "confirmed" status on it and keep
 it until the action is performed?
 >
 > Also, may be better to have a permanent log. Perhaps we can make a new
 private CPT (without editor, terms, revisions, etc. support) that will
 hold the log. Then can use postmeta to store the tokens on it. After the
 action is performed can add a row with the date and type of action but not
 the user email so it is anonymous.

 I like the idea of a privacy actions log, but since that may lead us to
 having to have a separate db table, I recommend we break that out into a
 separate issue and implement this issue as a priority without that sub-
 feature.

 A privacy actions to-do-list/log could be useful for demonstrating
 compliance or even just for knowing who did what and when. I don't get the
 impression from Article 30 or Recital 82 that the GDPR requires this to be
 automated or electronically held however, so I recommend a lower priority
 for privacy actions logging, but IANAL.

 Maybe for V1 we just leave request tracking to the administrator(s) and
 their email inbox :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43443#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list