Dear all, @juanf @cbarillari
(@khalil.rejiba )
we’re currently in discussion with our legal department and one of the remaining questions is how to deal with Art 17 GDPR, aka deletion of user details. At the moment, as far as I understand, admins can archive the user but the user is still there with the same name/user ID?
Is it possible to change the user credentials to some pseudonym, e.g. Ulrich Kerzel (RWHT my.email@instiution.de) beomes, say, Lord Vader (Imperium, vader@darkforce.universe).
As a work-around (we will have to answer the legal department something…) can we do this (if the need really arises) manually by stopping the openbis server, doing some sort of SQL magic and start it up again?
Many thanks in advance
best wishes
Uli
Dear Uli,
via UI this is not possible. You can of course change usernames in the database directly, but of course you loose traceability.
I can bring up the topic for internal discussion, if this is a requirement.
Best,
Caterina
This topic might also be important for us in the future (for the same reasons Uli mentioned).
Dear @cbarillari
many thanks for the quick reply.
I will double-check but I guess for now it’ll be good enough that we can take the system offline, change the DB manually, bring it back up.
I’m not sure there will be many instances but there are a number of legal aspects we need to cover…
the legal department points to paragraph 17.1 and 17.2 (“right to be forgotten”), we can push this down the line with paragraph 17.3 a few years from now but, in the end, it’ll be a legal requirement that we have “something”…
It’ll apply to the whole EU and since the Swiss equivalent is strongly influenced by the GDPR, something similar might arise on the Swiss side as well.
Changing the name to a pseudoyme seems to be ok, we don’t really want to erase all data.
many thanks again
Uli