GDPR/DSGVO delete function

I was wondering how the GDPR compliance is realized in Zammad. I searched the community forum and GitHub and found lots of inquiries beginning in early 2018, however all threads ended/closed without a solution.

The problem for anybody using Zammad in a production environment is the requirement by law to be able to view & delete all personal data if required.

I’m aware of the option to delete users and tickets manually in the database. However, this will lead to lots of destroyed databases because even with maximum care sooner or later the admin will make a mistake. Besides that, the law requires any person declared as the data protection officer to be able to view and delete personal data. Usually this person is not an IT expert and not able to manually work on a database.

Even this issue on GitHub has been open since April 2018: https://github.com/zammad/zammad/issues/2074

Did I not find the solution for this issue or what’s the reason for this extremely urgently needed feature still missing?

Hi LittleNo,

you can utilize schedulers for this task.

ciao
chris

Sorry but I would never ever encourage anyone to delete users directly inside of the database! (Unless you really want to break things).

Check out our dangerzone for the console:
https://docs.zammad.org/en/latest/console/dangerzone-for-experts.html

Currently the only option to delete users and their tickets (mandatory) is via console or theoretically API. The only “issue” here is that this is not implemented in our UI. This has several reasons, the biggest one here is that this is a complicated process to automate in a way that it can never fail. (You don’t want your software to tell you “I removed everything” while it kept information somewhere in the database).

As for #2074 and your last comment on there, the “list everything of a specific user” is technically already possible in several ways (console and API) and to some parts also via UI. Yes, this doesn’t create a report, but I think that’s not the job of Zammad here. Anyway, to implement this inside the UI as well, this would require another feature request, because I don’t put this into one line with the needed deletion feature.

I agree, creating a report is a separate feature from deleting. However, they share the same starting point: getting the information in question together

and that’s where the trouble starts. The law requires a way that can be handled by non-technicians

Sorry, I don’t see the problem yet.
Your company is required to share that information anyway, right? So, you’ll also have an IT admin that can do console or API magic, right?

As I said: It’s possible. If you need it to be done by a non-technician, your technician can create a script that does the magic on demand for the e-mail address your non-technical user provides.
The above will by the way also minimize chances for errors, as a script will always behave the same way.

Don’t get me wrong, I’m not saying that such a feature is no good idea, I’m just pointing out alternatives.

The company is not a company but an authority, but anyway I think requiring IT skills to be able to meet a legal requirement is never a good direction. I think a GUI solution is needed for this issue.

Just out of curiosity, where’s that law?

I didn’t know that the “data protection officer” himself has to push the button. If so, I’d really like to know where that’s written because I’m working at an authority as well. If there just has to be some way (which is the reasoning I know so far) you’re totally fine.

cheers

Instead of deletion it might be an idea to only anonymize the client details like email address and name.

This would meet GDPR regulation but wouldn’t break anything in the system.

Interesting thought. But what if a person sent personal information within an email or as an attachment?

I’m going to discuss that point with our data protection officer to be able to supply reliable information

Cool, thank you! Because if that’s true I’d probably have to discuss this with our DPC.

I only know of A17 EU-GDPR where it literally says:
...the controller shall have the obligation to erase personal data without undue delay...

This doesn’t necessarily mean the DPC himself has to do the part; he just has to immediately instruct whoever is able to delete the data. At least that’s what our legal department said about that topic.

Source:
http://www.privacy-regulation.eu/en/article-17-right-to-erasure-‘right-to-be-forgotten’-GDPR.htm

As a business in Germany, you will need to keep financial data for 10 years and other data like email conversations for 6 years. So deletion is a problem.

It depends on the case. It would be great if there were an option: deletion or anonymization.

Anonymizing currently already works partly via command line.
At least if you ignore potentially sensitive information within article bodies (and yes, I am not a fan of doing that automated, because we cannot possibly know what’s really sensitive and what’s not).

You can change the customer of the Ticket, which would remove the customer relation of the Ticket. This still leaves you with sensitive information within articles which would mean to manipulate data. This surely isn’t something you’d really want.

Besides, when we’re talking about law: You also are supposed to keep financial e-mail traffic archived (in a non-changeable way) which would make a deletion within Zammad “ok” (as you should have those mails inside an archive ;) )

Thank you all for contributing to this thread—really looking forward to the answer(s) of the data protection officer(s).

My understanding is that software should provide users/admins with easy-to-use functions. Sure, that would be subjective—some think API calls are easy to use (I do!), and for some users that would be too much.
You could argue those users should be using (paid) hosted solutions (via zammad.com), but then again, there’s no easy way in the hosted solution, either.

@LittleNo @svnr-dvnkln Have you had the chance to discuss this with your data protection officer yet?

Hey,

I’m still waiting on @LittleNo’s response. Until then my position stays the same.

cheers