As a software administrator, I want to review, edit, anonymize and delete personal information of an user within Forms

As a software administrator, I want to review, edit, anonymize and delete personal information of an user in Forms, so that I can respect the GDPR compliance of the user's right to be forgotten

Context

Data Erasure (AKA Right to be Forgotten)
The right to be forgotten (technically known as the “right to erasure”) requires organizations to delete an individual’s personal data upon his or her request. Personal data is considered erased when the data can no longer be reasonably linked to an identifiable individual. For other applications in Liferay DXP this is already implemented, administrators can review content that potentially contains personal information and edit, anonymize or delete as needed through a simple interface. The goal of this story is to add Forms to that list of applications supported.

To achieve that, we shall leverage the existing UAD Framework the U&SM team built:

• https://www.google.com/url?q=https://portal.liferay.dev/docs/7-2/frameworks/-/knowledge_base/f/managing-user-associated-data-stored-by-custom-applications&sa=D&ust=1561488625232000&usg=AFQjCNEC5IrgLooyNnna6WCBaS848ZitZw
• https://www.google.com/url?q=https://portal.liferay.dev/docs/7-2/user/-/knowledge_base/u/managing-user-data&sa=D&ust=1561488625233000&usg=AFQjCNEdhly4_DiA7lIOwY0eWJPJdtVOGA

IMPORTANT: Once the actual user's data are store in the entries of the forms, the content that shall be reviewed, edit, anonymize or delete by the administrators are the entries submitted by the user in any forms. (doesn't make sense to review, edit, anonymize or delete forms created by the user, once ain't personal data in the forms itself, just fields).

Acceptance Criteria:

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to review all the data that as been submitted by this user in all and any Liferay Forms;

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to edit the entries' data submitted by this user in all and any Liferay Forms;

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to anonymize (disassociate) the submitted data from this user in all and any Liferay;

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to delete the submitted data by this user in all and any Liferay Forms;

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then each entry submitted by the user in all and any Liferay Forms must be counted in the "Remaining Items" of the "Status Summary";

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to filter the data submitted by this user in Liferay Forms per scope (Personal Site, Regular Sites or Instance);

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User, then the Admin should be able to filter and see only the data submitted by this user in Liferay Forms (Personal Site, Regular Sites or Instance);

• Given that a user has submitted personal data in one or more forms powered by Liferay Forms, when the Admin accesses the "Delete Personal Data" feature for this User and uses the "Auto Anonymize Data" feature, then the system must also anonymize (disassociate) the submitted data from this user in all and any Liferay.