Open vyskoczilova opened 6 years ago
ePascalC
commented
6 years ago I think you need to document changes that are happening over time in how you handle data (track changes), but I do not recall that you need to track the users requests... But let's find out!
ePascalC
commented
6 years ago @vyskoczilova Any possibilities to get some more info on what your advocate was referring to? In the regulation I find art28 and 47 that refer to changes but all are towards the processor or supervisor that then needs to do their job and inform where needed.
<...> the mechanisms for reporting and recording changes to the rules and reporting those changes to the supervisory authority;
The processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes
dejliglama
commented
6 years ago @vyskoczilova aaah, logs are a huge concern, and while I have a simple solution to to this, the simple storing of an anonymized log in WP isn't much good.
For 1 reason: what if you roll back to a previous backup of database and WP files?
vyskoczilova
commented
6 years ago @ePascalC I can ask him again, I will talk to him next week. He just said, that its needed (for bigger clients to keep track what has happened with the data if they got deleted we should have a proof that the client requested it). Should I or it's not needed because @dejliglama is already planning to do that.
@dejliglama That sounds good, it would solve a lot of troubles.
Do you plan to add as well some simple "tracking changes" log? My advocate told me something about this - you should monitor when the user has requested to do what with his information (I think is obligatory for medium and bigger businesses and for the small ones it's just "recommended").