Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-83650

Implement "Delete Personal Data" redesign to incorporate search, filtering, hierarchy, etc

    Details

      Description

      Details

      The current data erasure feature is a five-step wizard designed specifically to respond to GDPR data erasure requests. There's an underlying assumption that the user has requested to be deleted from the data controller's systems and the organization can deactivate the user, review and delete/anonymize the content, then delete the user. However there are situations where admins may want to review and edit a user's personal data without deactivating or deleting the user.

      For example, the organization may want to keep certain personal data based on a legitimate legal basis (eg; sales history, legal contracts) but delete/anonymize other types of personal data (eg: message board posts).

      The current five steps are:

      1. Deactivate user
      2. Delete personal site data
      3. Review potential personal data
      4. Auto anonymize remaining data
      5. Delete user

      The proposed solution is to change the format of the current five-step wizard to an "a la carte" menu of actions so administrators can review/edit a user's personal data without first deactivating and ultimately deleting the user.

      Technical Considerations

      • Currently, deleting personal site data (step 2) is a prerequisite for reviewing potential data (step 3). This is because currently, the data in step 2 will appear in step 3, but will ultimately be deleted when the user is deleted (step 5), thus the anonymization/deletion actions taken in step 3 are misleading/redundant.
        • LPS-83651 may address this dependency by allowing data to be filtered by personal site data and potential personal data.

      Requirements

      • Deactivating the user first should be an optional (recommended) step, but not required
      • Deleting personal site data, potential data, and auto-anonymizing data (currently steps 2, 3, and 4 of the wizard) can be performed in any order
      • Deleting the user is an optional step

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package