Open MandatInternational opened 2 years ago
Related to that. A user can create an "Organization". Then in the "Members" section, users can add to their organization any other user of the system. They even get suggestions of all users in the system simply by typing two letters. A user is added to another's user organization without giving consent. Finally, a user can view the details of all other users he has added to his organization.
Yes, exactly. This is not really compliant with GDPR. To come back to my initial question, is it scheduled to change this behavior?
For a given application, is it possible to hide the authorized users of this application on the Web portal of Keyrock? The rationale behind this question is to be fully compliant within the privacy, in particular the GDPR. Normally, a user connected to the Web portal of Keyrock should not know the name and the email address of the other users authorized for this application, considering that the username and his email address are personal data.