Details
-
Sub-task
-
Resolution: Obsolete
-
Neutral
-
None
-
None
-
None
-
-
Kromeriz 151, Kromeriz 152
Description
On this page
/travel/contact/confirmation
we should disallow specifying the email address to which the GDPR report will be sent.
- The Report should be sent only to the user who is authorized to create, send and read the report, hence probably the one whose email is already registered in the system under one of the personalFields.
- Cause if the user made a typo while entering "his/her" email, the report with all the personal data could potentially end up in somebody else's hands which is a big GDPR no no.
The page in the end should probably look only just like this:

A second sub-issue:
The email which delivers the report could have GDPR Report in the subject line and the following text in the body:
Hello Please find in the attachment a zipped GDPR report containing files with references to all your personal data used by the site. Thank you