GPDR

Moderator: crythias

Post Reply
jmjoussein
OTRS newbie
Posts: 15
Joined: 30 Apr 2014, 10:57
OTRS Version?: 5.0.28

GPDR

Post by jmjoussein » 13 Sep 2019, 11:29

Hi,
European GPDR make us delete customers and agents who are no longer in the company.

But in the documentation i find : Warning:Customers can not be deleted from the system. They can only be deactivated by setting theValidityoption toinvalidorinvalid-temporarily.

So OTRS is not gpdr compliant, do you plan to correct it ?

regards.

wurzel
OTRS guru
Posts: 2743
Joined: 08 Jul 2010, 22:25
OTRS Version?: 6.0.x

Re: GPDR

Post by wurzel » 13 Sep 2019, 12:53

Hi,
jmjoussein wrote:
13 Sep 2019, 11:29
European GPDR make us delete customers and agents who are no longer in the company.
This is not GPDR. Deletion is not always mandatory. There are rules to be followed. Deleting, restricting access or more.
But in the documentation i find : Warning:Customers can not be deleted from the system. They can only be deactivated by setting theValidityoption toinvalidorinvalid-temporarily.

So OTRS is not gpdr compliant, do you plan to correct it ?
The documentation is right. In the meaning of "deletion" the application can not do it. The application itself can be made GDPR compliant. Not in an vanilla installation, but with additional know how.

In any case you can delete the customer_user table record. But this alone will not help you for GDPR compliance.

Flo


For the question: "do you plan to correct it"?
This is a community forum. You might ask in the developpers area or add your valueable code to the git repo.

For the commercial OTRS you have to ask the vendor.

Flo
    ((OTRS)) Community Edition 6.0.x, LAMP LIVE auf Debian 9
    OTRS 7 SILVER

    -- Ich beantworte keine Forums-Fragen PN - No PN please

    I won't answer to unfriendly users any more. A greeting and regards are just polite.

    jmjoussein
    OTRS newbie
    Posts: 15
    Joined: 30 Apr 2014, 10:57
    OTRS Version?: 5.0.28

    Re: GPDR

    Post by jmjoussein » 13 Sep 2019, 14:09

    i am not agree, credentials are personal data, you must delete them when peoples are no longer in the company.

    Deactivate is not enough.

    So, where can i find the "additional know how", because i think just deleting customer_user table records are not a good idea for guaranting OTRS work find.?

    regards

    jojo
    Moderator
    Posts: 14571
    Joined: 26 Jan 2007, 14:50
    OTRS Version?: Git Master
    Contact:

    Re: GPDR

    Post by jojo » 13 Sep 2019, 14:19

    you should contact your data privacy officer to get some more details. There is no written down need to delete data directly as there might be other rules restricting deletion.

    Also anonymisation is possible.

    We are currently working on some more enhancements for OTRS for the GDPR
    "Production": OTRS™ 6, STORM powered by OTRS
    "Testing": ((OTRS Community Edition)) git Master

    Never change Defaults.pm! :: Blog
    Professional Services:: http://www.otrs.com :: enjoy@otrs.com :: Share your ideas

    zzz
    OTRS superhero
    Posts: 242
    Joined: 15 Dec 2016, 15:13
    OTRS Version?: 3.x - 6.0.x
    Real Name: Emin
    Company: Efflux GmbH
    Contact:

    Re: GPDR

    Post by zzz » 13 Sep 2019, 14:21

    Hey,

    If you're just up to getting rid of the old agents, you can simply change their names to something anonymous and set them to invalid.

    But you should definitely not delete something directly from the database (especially not agents).

    Best regards
    Emin
    Professional OTRS services for development, consulting, hosting and support:
    efflux.de – German | efflux.de/en – English

    Free and premium OTRS add-ons (growing):
    portal.efflux.de

    jmjoussein
    OTRS newbie
    Posts: 15
    Joined: 30 Apr 2014, 10:57
    OTRS Version?: 5.0.28

    Re: GPDR

    Post by jmjoussein » 13 Sep 2019, 14:28

    Yes anonymization is an acceptable solution for the GPDR. But need a manual job.
    I think OTRS should do a real ldap or sql synchronization.

    :( :(

    regards.

    jojo
    Moderator
    Posts: 14571
    Joined: 26 Jan 2007, 14:50
    OTRS Version?: Git Master
    Contact:

    Re: GPDR

    Post by jojo » 13 Sep 2019, 14:32

    if you need some details on possible solutions you can contact the company behind OTRS (www.otrs.com)

    If you are really using OTRS 5.0.28 you already do not comply to the GDPR as it is not the latest patchlevel.
    "Production": OTRS™ 6, STORM powered by OTRS
    "Testing": ((OTRS Community Edition)) git Master

    Never change Defaults.pm! :: Blog
    Professional Services:: http://www.otrs.com :: enjoy@otrs.com :: Share your ideas

    Post Reply