Context
We have recently introduced a feature in our application that allows for the export of user statistics. This export includes personally identifiable information (PII) such as names and last names. To ensure compliance with data protection regulations and to maintain transparency with our users, we need to implement several measures:
Inform users that their data can be exported.
Specify the purpose of the data export.
Obtain user consent for data export during the registration process.
Limit the retention of database data to a maximum of three months.
ToDo
[ ] Update Registration Process:
  [ ] Add a section in the registration form informing users that their data can be exported and explaining the purpose of this export.
  [ ] Include a checkbox for users to accept the conditions related to data export.
  [ ] Ensure that users cannot complete the registration without checking the acceptance box.
[ ] Update the terms of service to include details on data export and retention policies.
[ ] Notify users of the change to our terms of service.
[ ] Implement a mechanism to automatically delete/anonymize user data from the database after three months and ensure that this deletion process is secure and irreversible.
[ ] Implement an option or button that allows the user to remove their data instantaneously and be provided with proof sent to their email address.
[ ] Back-end modifications:
  [ ] Adjust the database schema if necessary to accommodate the new data retention policies.
  [ ] Implement the logic for automatic data deletion/anonymization after three months.
  [ ] Ensure all exported data follows the outlined purpose and consent guidelines.
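One way the back-end items above could fit together (three-month anonymization, erasure on request with proof, consent-gated export), as an added example that is not the project's own code. It assumes SQLite, a hypothetical `users` table and column names, retention counted from `created_at`, and an HMAC-signed receipt as the form of proof.

```python
import hashlib, hmac, json, sqlite3

RECEIPT_KEY = b"constructed-demo-key"  # assumption: server-side secret stored outside the DB

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    # SQLite-specific: zero freed space so overwritten values do not linger in the file.
    conn.execute("PRAGMA secure_delete = ON")
    conn.execute("""CREATE TABLE IF NOT EXISTS users (
        id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT,
        export_consent INTEGER NOT NULL DEFAULT 0,  -- registration checkbox
        created_at TEXT NOT NULL, anonymized_at TEXT)""")
    return conn

def _scrub(conn, ids, now):
    """Overwrite PII in place; the row id survives so aggregate statistics stay consistent."""
    with conn:  # one transaction: all listed rows are scrubbed or none
        conn.executemany(
            "UPDATE users SET first_name = NULL, last_name = NULL, email = NULL, "
            "export_consent = 0, anonymized_at = ? WHERE id = ? AND anonymized_at IS NULL",
            [(now, i) for i in ids])
    return ids

def purge_expired(conn, now):
    """Scheduled job: anonymize accounts created more than three months before `now`."""
    rows = conn.execute(
        "SELECT id FROM users WHERE anonymized_at IS NULL "
        "AND created_at < datetime(?, '-3 months') ORDER BY id", (now,)).fetchall()
    return _scrub(conn, [r[0] for r in rows], now)

def erase_on_request(conn, user_id, now):
    """Immediate erasure; returns the address to notify and an HMAC-signed receipt."""
    row = conn.execute("SELECT email FROM users WHERE id = ? AND anonymized_at IS NULL",
                       (user_id,)).fetchone()
    if row is None:
        raise LookupError("unknown or already anonymized user")
    _scrub(conn, [user_id], now)
    body = json.dumps({"user_id": user_id, "erased_at": now}, sort_keys=True)
    sig = hmac.new(RECEIPT_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"send_to": row[0], "receipt": body, "signature": sig}

def verify_receipt(proof):
    expected = hmac.new(RECEIPT_KEY, proof["receipt"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, proof["signature"])

def export_statistics(conn):
    """Export gate: only rows with recorded consent and intact data leave the system."""
    return conn.execute(
        "SELECT id, first_name, last_name FROM users "
        "WHERE export_consent = 1 AND anonymized_at IS NULL ORDER BY id").fetchall()
```

Backups and previously generated export files hold their own copies of the same PII, so the three-month limit has to cover them separately from this job.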
Expected Results
All new users will be informed about the data export policy and its purpose during registration.
Users will provide explicit consent to data export by accepting the conditions through the registration checkbox.
User data in the database will be automatically deleted/anonymized after three months, ensuring compliance with the retention policy. The data deletion process will be secure and irreversible, maintaining user privacy. Upon explicit request from the user, it must be possible to anonymize or delete the data instantly and to produce proof of this that can then be sent back to the user.
The back-end will efficiently handle the new data retention and export policies, ensuring that all processes run smoothly and securely.
By implementing these changes, we will enhance transparency with our users, comply with data protection regulations, and maintain a high level of trust and integrity in our application.