Erpnext: To make ERPNext GDPR ready

Created on 5 May 2018  ·  5 Comments  ·  Source: frappe/erpnext

To fulfil the requirement of GDPR for ERPNext.

http://ec.europa.eu/justice/smedataprotect/index_en.htm

It really is a must to comply… don’t you think?

Suggestion:

A module that gives the end user visibility into the data stored about himself/herself and aims to help site admins follow the guidelines and legislation set by the EU.

Basic GDPR Compliance use cases:

  • [ ] Form checkboxes (contact + login) - the form is not accepted until the box is checked
  • [ ] Pop-up alert (GDPR + privacy policy) - on login page +contact page
  • [ ] Privacy Policy Page - separate from all other (must be separate)

Features:

  • [ ] Checklist for site admin (recommend cookie consent, check if there is privacy policy page etc).
    The primary goal is to prevent developers from accessing user data.

Hard coded features /is it important?/:

  • [ ] Add data anonymization features so the data is still available for statistical and history purposes but no longer allows a user to be identified, and the store complies with the GDPR directive.
  • [ ] mask all the current data in your database related to the users.
  • [ ] could be really useful when considering the new GDPR legislation, as all the user data could easily be masked in development/local copies.

Additional features

  • [ ] Allow logged in user to see all raw data stored about himself/herself (user entity).
  • [ ] Allow user to initiate “forget me” action from site admins.
  • [ ] More items and recommendations to checklist.
  • [ ] Make sure user can rectify all data about himself/herself.
  • [ ] Allow user to remove the account (content is not removed, but the admin is notified).
  • [ ] Make API for other contrib modules to announce user data store.

Make no mistake

Don't assume that if you've enabled the GDPR, you're done...
GDPR will apply to any ERPNext site that deals with users, site visitors, etc, who are from the EU (which public site does not do so?) ...

Please refer to this discussion:

https://discuss.erpnext.com/t/is-erpnext-gdpr-ready/23103

Shortlisted localization
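The anonymization items in the issue above (mask the user data in development/local copies so nobody can be identified, while keeping the data usable for statistics) can be implemented as an allowlist-based pseudonymization pass over user rows. The following is an added example and not ERPNext or Frappe code: the field names, the two allowlists, the sample rows and the demo key are constructed assumptions, and ERPNext's real User doctype is laid out differently.

```python
"""Pseudonymize user rows for a development copy of the database.

Identifying fields are replaced with keyed one-way tokens, the birth date
is generalised to the year, statistical fields are kept, and anything not
on either allowlist is dropped (fail closed). The key is meant to live
only on the production side, so tokens cannot be reversed in the dev copy.
Field names and sample data below are constructed for illustration.
"""
import hashlib
import hmac

# Assumed field lists; ERPNext's own User doctype uses different names.
IDENTIFYING_FIELDS = ("full_name", "email", "phone", "birth_date")
STATISTICAL_FIELDS = ("country", "role", "signup_date")
# Fields whose original value must never appear verbatim after masking.
EXACT_MASKED_FIELDS = ("full_name", "email", "phone")

# Constructed sample rows (not real people) and a demo key.
SAMPLE_USERS = [
    {"full_name": "Ada Example", "email": "ada@example.com", "phone": "+49 30 1234567",
     "birth_date": "1985-03-14", "country": "Germany", "role": "Customer",
     "signup_date": "2018-04-02", "notes": "called about invoice 42"},
    {"full_name": "Bob Sample", "email": "bob@example.org", "phone": "",
     "birth_date": "1990-11-30", "country": "France", "role": "Supplier",
     "signup_date": "2018-04-09", "notes": "prefers email"},
]
DEMO_SECRET = b"demo-key-keep-the-real-one-out-of-the-dev-copy"


def pseudonym(secret: bytes, field: str, value: str) -> str:
    """Stable keyed token: same input gives the same token, so joins between
    tables keep working, but without the key the token cannot be reversed."""
    digest = hmac.new(secret, f"{field}:{value}".encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def mask_record(secret: bytes, record: dict) -> dict:
    """Return a masked copy of one user row using the allowlists above."""
    masked = {}
    for field, value in record.items():
        if field in STATISTICAL_FIELDS:
            masked[field] = value  # safe to keep for statistics
        elif field in IDENTIFYING_FIELDS:
            if value in (None, ""):
                masked[field] = value  # nothing to hide
            elif field == "email":
                # Reserved domain, so masked addresses can never deliver mail.
                masked[field] = f"user-{pseudonym(secret, field, value)}@example.invalid"
            elif field == "birth_date":
                # Generalise an ISO date (YYYY-MM-DD) to its year for age statistics.
                masked[field] = value[:4] + "-01-01"
            else:
                masked[field] = pseudonym(secret, field, value)
        # Any other field is on neither allowlist and is dropped.
    return masked


def mask_table(secret: bytes, records: list) -> list:
    return [mask_record(secret, row) for row in records]


def leaked_values(originals: list, masked: list) -> list:
    """Check step: list (field, value) pairs whose original identifying value
    still appears verbatim anywhere in the masked rows. Expected: []."""
    haystack = " ".join(str(v) for row in masked for v in row.values())
    leaks = []
    for row in originals:
        for field in EXACT_MASKED_FIELDS:
            value = row.get(field)
            if value and str(value) in haystack:
                leaks.append((field, value))
    return leaks


if __name__ == "__main__":
    masked_rows = mask_table(DEMO_SECRET, SAMPLE_USERS)
    for row in masked_rows:
        print(row)
    print("leaks:", leaked_values(SAMPLE_USERS, masked_rows))
```

Run the masking on the production side with the real key and ship only the output to developers; the `leaked_values` check is the guard that should run before the copy leaves production. The allowlist design is deliberate: a new identifying column added to the table later is dropped rather than silently copied.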

All 5 comments

Look at Matomo, they understood GDPR:
https://matomo.org/docs/gdpr/
Same at Moodle:
https://docs.moodle.org/34/en/GDPR
or even at odoo.com:
https://docs.moodle.org/34/en/GDPR

GDPR will not go away and users in Europe will not start to use this software without visible GDPR-activities.

@actXc

Thanks for the share.

BTW Oddo page is:
https://www.odoo.com/gdpr

Birthday reminders have to be off by default, since birthday is private information.

If you want to store date of birth together with the name, e.g., it needs to be explained why. If your service is to send out birthday reminders, why not store it? With the user's confirmation to use the data for the specific reason, there might be no problem with storing and using birthday data.

Just also realised the GDPR part. We were trying to add Facebook login (FB developer feature that is integrated in ERPNext) and you can't do it without a Privacy Policy page and GDPR functions. Facebook refuses it. ERPNext guide page on this is outdated.
