Polishing functions in the Privacy module
(MGNLPRIV-20)
|
|
| Status: | Closed |
| Project: | Privacy |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Sub-task | Priority: | Neutral |
| Reporter: | Martin Drápela | Assignee: | Unassigned |
| Resolution: | Obsolete | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Template: |
|
| Date of First Response: | |
| Sprint: | Kromeriz 151, Kromeriz 152 |
| Description |
|
On this page /travel/contact/confirmation we should disallow specifying the email address to which the GDPR report will be sent.
The page in the end should probably look only just like this:
A second sub-issue: The email which delivers the report could have GDPR Report in the subject line and the following text in the body:
Hello Please find in the attachment a zipped GDPR report containing files with references to all your personal data used by the site. Thank you |
| Comments |
| Comment by Roman Kovařík [ 01/Jun/18 ] |
The report is send only to the visitor clicking the button. You would need to know the visitor ID (which is stored in visitor browser or email, so you'd need an access to his computer), to get his data.
Visitor can always expose his own data in different ways, but that's not a problem of the data processor. In reality, you can execute multiple confirmation levels (phone/email/post office |
| Comment by Martin Drápela [ 01/Jun/18 ] |
|
If we leave the mail address input field, could we attach to it a processor that would make sure that the report is sent only when the email entered in the field is found in the database and the visitorID is the same for both (in simple terms): createdReport(visitorID) ? If somebody enters a wrong email, no send action will occur. (just a suggestion ... but this is what actually happens underneath when the form is being created and sent) |
| Comment by Roman Kovařík [ 15/Jun/18 ] |
|
Closing as obsolete, the email is now the visitor ID itself. |