Project

General

Profile

Actions

Feature #41203

closed

RGPD Compliance

Added by YoZ Art 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Administration
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid

Description

I'm trying to figure out how to be RGPD compliant in Redmine.

When you delete a user, it will set everything own by this user as "Anonymous". Anonymyzing data is a way of being RGPD compliant but I can't delete all users obviously.

Instead of that, I would like to have a feature that will anonymize everything which is older than XXX months.

Do you see a way of doing it ? I dind't found any plugin, nor existing feature in Redmine. Is it something planned ? That you are discussing about ?

Otherwise, any idea how I can perform this (in SQL maybe - do you have a table/field list that I can use to perform this ?)


Related issues

Related to Redmine - Defect #28882: GDPR complianceConfirmedJean-Philippe Lang

Actions
Actions #1

Updated by Go MAEDA 3 months ago

Actions #2

Updated by Holger Just 3 months ago

At first: none of the people here (including me) here are lawyers, and especially not YOUR lawyers. Thus, none us us here can give you any binding legal advice about how to handle personal data. Your situation may be special and you may have more restrictive requirements than others. If you have questions here about what you can or have to do, you should ask a specialized layer.

With that being said, within the context of an issue tracking system, the connection between issues and users can often be processed under the "legitimate interest" clause, as the the user details and its connection to issues are required for the service (i.e. the issue tracking) to be performed. Here, it is often sufficient to only delete / anonymize data when a user specifically asks for it.

As for anonymizing any "older" data: that doesn't sounds like it would actually solve much as then, the old stored data may become rather useless in its entirety if it is entirely anonymous. Thus, it may be a better solution to just fully delete old issues if you need to remove that data. You could use the "Updated" issue filter to find issues which were not updated for say 6 months to then bulk-delete them.

Other data (such as authorships of wiki pages or forum posts) can not be deleted that way though. Here, the only solution is to actually remove the user which will update all authorships of all objects of this user to refer to the anonymous user instead.

Actions #3

Updated by Marius BÄ‚LTEANU 3 months ago

  • Status changed from New to Closed
  • Resolution set to Invalid
Actions

Also available in: Atom PDF