The current data erasure feature is a five-step wizard designed specifically to respond to GDPR data erasure requests. There's an underlying assumption that the user has requested to be deleted from the data controller's systems and the organization can deactivate the user, review and delete/anonymize the content, then delete the user. However, there are situations where admins may want to review and edit a user's personal data without deactivating or deleting the user.
For example, the organization may want to keep certain personal data based on a legitimate legal basis (e.g., sales history, legal contracts) but delete/anonymize other types of personal data (e.g., message board posts).
The current five steps are:
1. Deactivate user
2. Delete personal site data
3. Review potential personal data
4. Auto anonymize remaining data
5. Delete user
The proposed solution is to change the format of the current five-step wizard to an "a la carte" menu of actions so administrators can review/edit a user's personal data without first deactivating and ultimately deleting the user.
- Currently, deleting personal site data (step 2) is a prerequisite for reviewing potential data (step 3). This is because the data in step 2 also appears in step 3 but is ultimately deleted when the user is deleted (step 5), so the anonymization/deletion actions taken in step 3 are misleading/redundant.
LPS-83651 may address this dependency by allowing data to be filtered by personal site data and potential personal data.
- Deactivating the user first should be an optional (recommended) step, not a required one
- Deleting personal site data, potential data, and auto-anonymizing data (currently steps 2, 3, and 4 of the wizard) can be performed in any order
- Deleting the user is an optional step