@andreslucena
Last active May 2, 2018 08:56

EPIC: GDPR

These are several feature proposals to improve compliance with the GDPR (General Data Protection Regulation).

  1. Right of Data Portability
  2. Right to be Forgotten
  3. Unmark "receive information" by default on user creation
  4. Pages version control
  5. TOS accepted at field for users
  6. Unbundled consent on user registration

1. Right of Data Portability

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

Controllers must make the data available in a structured, commonly used, machine-readable and interoperable format that allows the individual to transfer the data to another controller.

As a user, I should have a button to download all the data that I've uploaded to the platform, for instance all my personal data (like my email) or the proposals that I've created. A safe bet would be almost every piece of content with a user_id relationship. For better performance, this dump should be sent by email from a background task.

This development should extend the decidim-core module.

2. Right to be Forgotten

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

We need to track every deleted user id, so that if we have to restore the database there is a procedure where an admin checks that these users don't get recreated.
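
A minimal sketch of the post-restore check described above, added here as an example (not code from Decidim or from the gist author). `ErasureLedger` and `check_restore` are hypothetical names, and the ledger is assumed to be stored outside the database so that a restore cannot roll it back.

```ruby
# Hypothetical ledger of erased user ids. It stores ids only (no personal data)
# and is assumed to live outside the database, so a restore cannot roll it back.
class ErasureLedger
  def initialize
    @erased = {} # user_id => Time of erasure
  end

  def record(user_id, erased_at)
    @erased[user_id] ||= erased_at # keep the first erasure time
  end

  def erased?(user_id)
    @erased.key?(user_id)
  end

  def erased_at(user_id)
    @erased[user_id]
  end
end

# Splits the restored rows into users that may stay and users that were erased
# but came back with the backup. The report for the admin carries ids and
# erasure times only, so it does not copy the restored personal data around.
def check_restore(restored_users, ledger)
  resurrected, kept = restored_users.partition { |u| ledger.erased?(u[:id]) }
  report = resurrected.map do |u|
    { id: u[:id], erased_at: ledger.erased_at(u[:id]) }
  end
  { kept: kept, resurrected: report }
end

# Constructed sample data: the backup predates the erasure of users 2 and 4.
LEDGER = ErasureLedger.new
LEDGER.record(2, Time.utc(2018, 4, 20))
LEDGER.record(4, Time.utc(2018, 4, 28))

RESTORED_USERS = [
  { id: 1, email: "ana@example.org" },
  { id: 2, email: "erased-two@example.org" },
  { id: 3, email: "carla@example.org" },
  { id: 4, email: "erased-four@example.org" }
].freeze

if __FILE__ == $PROGRAM_NAME
  result = check_restore(RESTORED_USERS, LEDGER)
  result[:resurrected].each do |r|
    puts "user #{r[:id]} was erased at #{r[:erased_at]} and must be removed again"
  end
  puts "#{result[:kept].size} users unaffected"
end
```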

3. Unmark "receive information" by default on user creation

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

Our newsletter subscription is currently opt-out, and we need to change that. The checkbox needs to be unchecked by default, and it's also important to have a test so that this feature doesn't regress.

User Story: As a non-registered user, when I go to the user registration form, I shouldn't see any checkbox marked by default.

📌 Related issues

  • #1280

4. Pages version control

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

We need to have version control for a few pages, like the Terms of Service. It would be better to have it on all kinds of pages, to track changes to this kind of content.

This development should extend the decidim-pages module.

5. TOS accepted at field for users

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

We need to track when a user has accepted the TOS (Terms of Service), so that if the TOS gets changed we can show the TOS page for the user to accept again. This special TOS page also needs a checkbox that is unmarked by default.

6. Unbundled consent on user registration

This is a Feature Proposal

🎩 Description

This is a feature proposal to improve compliance with the GDPR (General Data Protection Regulation).

On the user registration page, we need to separate more clearly what belongs to the TOS (Terms of Service) and what belongs to the newsletter.

https://www.econsultancy.com/blog/69253-gdpr-10-examples-of-best-practice-ux-for-obtaining-marketing-consent

@andreslucena
Author

This gist was migrated to an issue on decidim/decidim#3320
